-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Mike,
Donnelly, Michael (OFT) wrote:
| I'm receiving this error in my syslog after installing the botnets
| plugin:
|
| nfsen[15739]: Failed to get alert condition fom plugin 'Botnets': ERR
| Plugin: Error while running plugin 'Botnets': can't import botnets at
| /usr/local/nfsen/plugins/Botnets.pm line 90, <STDIN> line 6.
You should directly contact the author of this plugin.
- Peter
|
|
| I installed the botnets plugin and its contents into the .../plugins/
| directory.. the nightly cronjob Is running without error ..
| the directory contents are:
| [EMAIL PROTECTED] etc]# ls -l /usr/local/nfsen/plugins/
| -rw-r--r-- 1 apache apache 2286 Jul 14 20:06 bleeding-botcc.rules
| -rwxr-xr-x 1 apache apache 131 Jul 14 16:53 botnet.cron
| -rw-r--r-- 1 apache apache 8 Jul 14 23:00 botnets-filter.txt
| -rw-r--r-- 1 apache apache 3945 Jul 14 15:51 Botnets.pm
| -rw-rw-r-- 1 apache apache 5978 May 14 13:27 demoplugin.pm
| -rw-r--r-- 1 apache apache 12696 Jul 11 15:09 Events.pm
| -rwxr-xr-x 1 apache apache 454 Jul 14 15:51 get_botnets
| -rw-rw-r-- 1 apache apache 13692 May 14 13:27 smily.jpg
| --------------
| Nfsen.conf holds the following (related) entries:
| @plugins = (
| # profile # module
| [ '!', 'Events' ],
| [ '!', 'Botnets' ],
| );
| - - - - <SNIP> - - - - -
| # Events Plugin
| events => {
| db_connection_string
| =>"DBI:mysql:database=events;host=localhost;port=3306",
| db_user => "root",
| db_passwd => "xxxxxxxxx",
| },
| # Botnets Plugin
| botnets => {
| import_cmd => "/usr/local/nfsen/plugins/get_botnets <
| /usr/local/nfsen/plugins/bleeding-botcc.rules",
| match_port => 0,
| match_proto => 0,
| },
| ------------------------
|
| The db username/password/database name is correct and tested.
| The events database tables are empty (0 rows)
|
| Where do I go with this?
|
| Thanks !
| Mike D
| --------------------------------------------------------
| This e-mail, including any attachments, may be confidential, privileged or
otherwise legally protected. It is intended
only for the addressee. If you received this e-mail in error or from someone
who was not authorized to send it to you,
do not disseminate, copy or otherwise use this e-mail or its attachments.
Please notify the sender immediately by reply
e-mail and delete the e-mail from your system.
|
|
| -------------------------------------------------------------------------
| This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
| Build the coolest Linux based applications with Moblin SDK & win great prizes
| Grand prize is a trip for two to an Open Source event anywhere in the world
| http://moblin-contest.org/redirect.php?banner_id=100&url=/
| _______________________________________________
| Nfsen-discuss mailing list
| [email protected]
| https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBSH2TnP5AbZRALNr/AQLq/gQAnI+W8OfUtnSvJ97+jSkhx0br3pRjnME0
zkXl4BwZzGFTLPcR3KA45eLFlun6XcxMxlxOfTdNPkJju5SuiMQnUCjJP6GKyfj1
Lr63ZyR6tO66CXJK5KS0ZAY6kFIg3UeN6S8mzOuWyDRIO3Z9e4LoADb/NF0Wa3Mb
zu5j+3l5Kz8=
=dtue
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
