[Efw-user] RES: Problems updating snort
Thanks for your help. It was crucial to getting the snort service running again.

Regards,
Marco Aurélio

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of CoryC
Sent: Sunday, 21 October 2007 23:03
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Problems updating snort

Ok, so doing this broke snort but starting snort from command line I was able to see that it had issues with some of the rules. I had to edit /etc/snort/snort.conf and comment out the following rulesets to get it to work:

    include $RULE_PATH/ftp.rules
    include $RULE_PATH/web-client.rules
    include $RULE_PATH/netbios.rules

Afterwards I was able to get snort to start successfully from the console and from the web interface. I haven't looked into the rulesets yet to see which particular rule was causing snort to croak. You can run snort from the command line with the following:

    snort -c /etc/snort/snort.conf

and it will tell you where the problem might be.

Offtopic: Anybody have an idea why my name is showing up as h-h2? I've double checked my e-mail options to make sure my name is set correctly.

___
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Problems updating snort
Ok, so doing this broke snort but starting snort from command line I was able to see that it had issues with some of the rules. I had to edit /etc/snort/snort.conf and comment out the following rulesets to get it to work:

    include $RULE_PATH/ftp.rules
    include $RULE_PATH/web-client.rules
    include $RULE_PATH/netbios.rules

Afterwards I was able to get snort to start successfully from the console and from the web interface. I haven't looked into the rulesets yet to see which particular rule was causing snort to croak. You can run snort from the command line with the following:

    snort -c /etc/snort/snort.conf

and it will tell you where the problem might be.

Offtopic: Anybody have an idea why my name is showing up as h-h2? I've double checked my e-mail options to make sure my name is set correctly.
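One way to find out which ruleset snort rejects, instead of commenting includes out by hand (an added example, not part of the original message): the script below tests each active `include $RULE_PATH/*.rules` line on its own and prints the files that fail. The `SNORT_CHECK` variable and the function names are hypothetical; `snort -T` is snort's configuration self-test, which exits after parsing rather than starting to sniff.

```shell
#!/bin/sh
# Added example (not from the thread): report which rules includes make
# snort reject its configuration, by testing each include on its own.
# Assumption: SNORT_CHECK validates a config file and exits non-zero on error.
SNORT_CHECK=${SNORT_CHECK:-"snort -T -c"}

# Print the rules files named by active 'include $RULE_PATH/<name>.rules' lines.
list_rule_includes() {
    awk '$1 == "include" && $2 ~ /^\$RULE_PATH\/.*\.rules$/ {
             sub(/^\$RULE_PATH\//, "", $2); print $2
         }' "$1"
}

# Copy config $1 to $2, commenting out every rules include except $3.
only_ruleset() {
    awk -v keep="$3" '
        $1 == "include" && $2 ~ /^\$RULE_PATH\/.*\.rules$/ &&
        $2 != ("$RULE_PATH/" keep) { print "# " $0; next }
        { print }' "$1" > "$2"
}

# Print each rules file whose presence alone makes the check fail.
# Returns 3 if the config fails even with all rules includes disabled.
find_bad_rulesets() {
    conf=$1
    # Temp copy sits beside the original so relative includes still resolve.
    tmp=$(mktemp "${conf}.XXXXXX") || return 2
    only_ruleset "$conf" "$tmp" ""
    if ! $SNORT_CHECK "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "config fails even without any rules includes" >&2
        return 3
    fi
    for rules in $(list_rule_includes "$conf"); do
        only_ruleset "$conf" "$tmp" "$rules"
        $SNORT_CHECK "$tmp" >/dev/null 2>&1 || echo "$rules"
    done
    rm -f "$tmp"
}

# Usage: sh find-bad-rules.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then
    find_bad_rulesets "$1"
fi
```

The original snort.conf is never modified; only the temporary copy is edited and tested.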
[Efw-user] RES: Problems updating snort - DON'T DO THIS!!!!
It also changed the file to test and not satisfied. He updates the rules, but stop snort. How do you go back, because not even change the file ids.cgi to not work more.

Marco Aurélio

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of kreative
Sent: Sunday, 21 October 2007 19:35
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Problems updating snort

DON'T DO THIS! Don't change the ids page. If you have then check your Status page. Your IDS status will show it's not running. Like mine! The 2.4 version, as you would expect if you think about it, look like they aren't compatible with 2.3

--
View this message in context: http://www.nabble.com/Problems-updating-snort-tf4619676.html#a1577
Sent from the efw-user mailing list archive at Nabble.com.
Re: [Efw-user] Problems updating snort
DON'T DO THIS! Don't change the ids page. If you have then check your Status page. Your IDS status will show it's not running. Like mine! The 2.4 version, as you would expect if you think about it, look like they aren't compatible with 2.3

--
View this message in context: http://www.nabble.com/Problems-updating-snort-tf4619676.html#a1577
Sent from the efw-user mailing list archive at Nabble.com.
Re: [Efw-user] Problems updating snort
Thx a lot h h-2! =) I guess this is a task for the devs. to take care of, I hope they read this mailing list or?

h h-2 wrote:
>
> The problem with the updating of snort rules is that
> the 2.3 ruleset is no longer available on snort.org.
>
> I modified the /home/httpd/cgi-bin/ids.cgi file and
> replaced 2.3 with 2.4 and didn't get the error when I
> clicked on "download new ruleset". It showed that
> updated rules were downloaded but I don't know fully
> if it is fully working or not yet.
>

--
View this message in context: http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13331555
Sent from the efw-user mailing list archive at Nabble.com.
Re: [Efw-user] Problems updating snort
The problem with the updating of snort rules is that the 2.3 ruleset is no longer available on snort.org.

I modified the /home/httpd/cgi-bin/ids.cgi file and replaced 2.3 with 2.4 and didn't get the error when I clicked on "download new ruleset". It showed that updated rules were downloaded but I don't know fully if it is fully working or not yet.
[Efw-user] crontab
I'm trying to port a Smoothwall mod (http://community.smoothwall.org/forum/viewtopic.php?t=14049) over to efw and just about have it working. The problem I'm having is getting the following to run from /etc/crontab:

    # perfstats
    */5 * * * * root /usr/local/sbin/pmgraph.pl /home/httpd/html/perfstats /var/log/snort/snort.stats >/dev/null

I can run the command from the shell but can't get it or any other command I add to /etc/crontab to run. Suggestions?