Re: Minimum viable HW for OpenBSD

2024-03-15 Thread Olaf Schreck 
> Could you point out a hardware for this kind of use-case? I would liek to 
> have something smaller than a regular-Pi SBC.

I'm still playing with this kind of stuff.  Good luck on your journey, but
it will be a rough ride.  You already mentioned some issues.

I have/had a pair of Raspberry 3B and also a pair of Pine64 SBCs, running
OpenBSD 7.x and CARP failover for experimental things.  Working, but not as
reliable as I would like.

You seem to aim at even smaller boards like that, and newer ones should match
the specs of Raspi3B or Pine64.  However:

- there is no fine "sysupgrade" for these platforms, so you need to reinstall
  every time
- which means fiddling with non-OpenBSD "uboot" and EFI definition files
- consider creating a network boot infrastructure
- these devices are very sensitive to power voltage instabilities, triggering
  spontaneous reboots.  You may want to run them from stable USB power source
- I doubt this can be reasonably battery-powered, over longer time periods
- storage like SD-card or eMMS draw extra power during operation, writes may
  be unreliable during voltage drops
- storage like SD-card or eMMS will wear out and die hard, sooner or later
- Wifi hardware may not be supported
- RS232 serial usually provided (and working) by bus pinout, but you need to
  add a FTDI232 or CH340 adapter

That said, I'd like to hear about it if you find interesting hardware :)

Olaf

Re: many serial ports

2024-02-08 Thread Olaf Schreck 
> What HW do people use to read data from many serial ports
> simultaneously?

I use an 8-port Moxa CP-168U PCI card, and a 4-port LINDY 42690 USB
connector to access serial consoles.  Both work without issues since
several releases.

Olaf

Re: volatility or something like that in the future ?

2023-08-18 Thread Olaf Schreck 
> >> Furthermore, in my opinion - brace yourself, I might trigger an atomic
> >> war with what I'm about to say -

Don't worry.  OpenBSDs ministry of defence considered dropping atomic bombs
over Australia in the past.  It's considered an acceptable way of CVS
conflict resolution.

> 1. Volatility allows the detection of hidden kernel modules in a Linux
> environment, including typical LKM rootkits.

So, maybe don't use loadable kernel modules at all?  Problem gone, nothing
to detect here.

> 2. There are multiple methods for RAM dumping, some of which cannot be
> circumvented and do not require specific software or interfaces.

I'm not a dev, but I do trust the devs handling that.

Regarding the rest of your reasoning, I think you are way off-track.  Linux
assumptions do not apply.

Re: PC Engines APU platform EOL

2023-05-04 Thread Olaf Schreck 
> > The edgerouter 6p works with OpenBSD/octeon and has a rackmount bracket.

> Wow. And it has a serial port. with an RJ45 connector. Hopefully the RS232
> pinouts are nicely documented somewhere. Cannot seem to find those details
> right now.

I have an edgerouter lite with this RJ45 serial port.  Works just fine with
the blue "Cisco" serial cables.

Re: PPPoE - Connection reset by peer

2008-08-15 Thread Olaf Schreck 
> Warning: disable lcp: Invalid command
> Warning: disable lcp: Failed 1

Brainfart, sorry.  I confused it with "disable lqr" which had fixed a 
different problem for me.  No idea for your problem.

Sorry for posting noise.

Re: PPPoE - Connection reset by peer

2008-08-14 Thread Olaf Schreck 
> Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: login -> lcp
> Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: FSM: Using "deflink" as a 
> transport
[...]
> Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: read (0):
> Connection reset by peer
[...]
> Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!

Looks like the remote peer does not like LCP.  Try "disable lcp".


ciao,
chakl

Re: SGI install -current: autoboot failed

2008-04-23 Thread Olaf Schreck 
> > I think I'm gun shy from my mac installs but there is a p partition on
> > the drive that takes up the first 3515 blocks of the drive and I'm
> > thinking I have to leave that there. Please correct me if I'm wrong.
> > Otherwise I did the normal install...
> 
> Yes, you need to leave it there - the SGI Volume Header takes up the first 
> few 
> blocks of the disk.

Oh, I wanted to ask this for quite some time:

Can I create this volume header without an IRIX installation?

The disk in my O2 died, I have another SCA disk (from a Sun), wiped clean. 
And my old IRIX CDs have read errors, so I can't even install IRIX from 
scratch just to prepare the disk.

Any workarounds?


Thanks,
chakl

Re: IP over Simulated Radio/Satellite Channels

2007-11-26 Thread Olaf Schreck 
> In an effort to port a Performance Enhancing Proxy (PEP, see scps.org)
> to OpenBSD, I am looking at ways to simulate radio channels at IP
> level with loss rate, delay and jitter. 

Not sure whether it fits your purpose, but honeyd can _simulate_ that.

http://www.citi.umich.edu/u/provos/honeyd/


ciao,
chakl

ThinkPad R60, no apm

2007-09-11 Thread Olaf Schreck 
Hi,

I'm having a minor problem with apm and 4.2 snapshot on a Lenovo ThinkPad R60.

I noticed that "halt -p" does not power off.  I read reboot(8), and I have 
"powerdown=YES" in /etc/rc.shutdown.

It might be related to apm0 not being detected, dmesg below.  I also 
noticed the error/warning "apm: connect error" from the boot loader, before 
a kernel gets loaded.  Might be related.

Loading...
probing: pc0
apm: connect error
 mem[628k 3069M a20=on]
disk: hd0+
>> OpenBSD/i386 BOOT 3.01
boot> 

Kernel is "4.2 (GENERIC.MP) #234", snapshot was pulled today.  I did 
"enable acpi" with "config -ef /bsd.mp".  Same problem with 4.1-stable.

Maybe also related: In 4.2-snapshot "sysctl hw.setperf" does work, while 
4.1-stable would give me "sysctl: hw.setperf: value is not available".


Any clues to get apm working?

Thanks, Olaf


dmesg:

OpenBSD 4.2 (GENERIC.MP) #234: Wed Aug  8 20:52:36 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.83 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 3219550208 (3070MB)
avail mem = 3120197632 (2975MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/18/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS 
rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version "7CETC6WW (2.16 )" date 04/18/2007
bios0: LENOVO 9461DXG
pcibios0 at bios0: rev 2.1 @ 0xfd620/0x9e0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #22 is the last bus
bios0: ROM list: 0xc/0xfe00 0xd/0x1600 0xd1800/0x1000 0xdc000/0x4000! 
0xe/0x1!
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT 
SSDT 
acpitimer at acpi0 not configured
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.83 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: duplicate apic id, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec at acpi0 not configured
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpibtn at acpi0 not configured
acpibtn at acpi0 not configured
acpibat at acpi0 not configured
acpibat at acpi0 not configured
acpiac at acpi0 not configured
acpidock at acpi0 not configured
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2506000b25
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1833 MHz (1292 mV): speeds: 1833, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor "ATI", unknown product 0x7145 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 int 
17 (irq 11)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Analog Devices AD1981HD (rev. 2.0), HDA version 1.0
azalia0: codec: Conexant/0x2bfa (rev. 0.0), HDA version 0.9
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 "Broadcom BCM5751M" rev 0x21, BCM5750 C1 
(0x4201): apic 2 int 16 (irq 11), address 00:16:d3:b8:b3:03
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02
pci3 at ppb2 bus 3
wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 int 
17 (irq 11), MoW2, address 00:1b:77:53:f6:6e
ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02
pci5 at ppb4 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2 int 16 
(irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2 int 17 
(irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2 int 18 
(irq 11)
uhci3 at pci0 dev 29 function 3 "I

Re: Recommend Technical Networking Book?

2007-04-17 Thread Olaf Schreck 
> # The Tao of Network Security Monitoring: Beyond Intrusion Detection, 
> # 
> 
>  
> # by Richard Bejtlich 
> # 
> 
> 
> 
> This is the only one I can comment, having read it cover to cover sometime 
> last year.  First off, it is excellent.

Seconded.  Excellent book.


ciao,
chakl
-- 
"To prevent fraud enter your credit card information please:"

Re: monitoring traffic/bandwidth on a bridge

2007-02-27 Thread Olaf Schreck 
> # ntop -i bridge0
> bridge0: no IPv4 address assigned
> 
> Unless I am misunderstanding the concept of a bridge, I don't think a
> bridge can even have an IP address. Any ideas?

A bridge *interface* can have an IP address, though that's not a common 
configuration.  Try assigning an address to one of the bridge interfaces 
and point ntop to that interface instead of bridge0.


ciao,
chakl

Re: Route-based VPN Interop

2007-02-27 Thread Olaf Schreck 
> You should be able to run OSPF over gif(4), I don't think you can
> run it over gre(4) on OpenBSD at the moment.

Yes you can.  Multicast over gre(4) works since 4.0 IIRC.


ciao,
chakl

Re: Net-SNMP In OpenBSD 4.0-Stable

2007-01-08 Thread Olaf Schreck 
> $ sudo snmpwalk -v 1 -c emf-obsd localhost .1.3.6.1.4.1.2021.11.9.0
> Timeout: No Response from localhost
> $
> 
> What went wrong with my configuration?

Might happen for various reasons, look in the net-snmp FAQ
/usr/local/share/doc/net-snmp/FAQ

Search for "Requests always seem to timeout".

Check syslog for snmp messages.  Can you see SNMP packets with tcpdump?


ciao,
chakl
-- 
"So if you design a new security system, you can't get it supported in Windows
Vista until well-known computer security experts like Disney, MGM, and 20th
Century-Fox give you the go-ahead." --Peter Gutmann

Re: snort -i pflog0 trouble

2006-12-06 Thread Olaf Schreck 
> I'm novice with OpenBSD and , may be
> snort -i pflog0
> a kind of bad practice? Or it known problem with OpenBSD 4.0 ?

Won't work.  Although pflog does create pcap style output, it is not 
data that would make sense to snort.

Use real interfaces for snort (eg rl0, fxp1, whatever).


ciao,
chakl

USB MIDI fun - OpenBSD beats Windoze

2006-11-17 Thread Olaf Schreck 
Hi,

I'm a hobbyist musician, and I recently bought this cheap keyboard (with 
MIDI) and a USB-MIDI adapter.  I wanted to use some MS-Windoze software, but 
I had zero success to get that USB-MIDI adapter recognized by my notebook's 
WinXP Home (-current).  Some googling told me several people had the same 
problem with this device.  Ok, crap, return to store.

Before returning it, and just for kicks, I decided to see what OpenBSD 
4.0-stable thinks of this device.  In a nutshell: it just works.

The device is branded "Swissonic MIDI-USB 1x1".  Here's a dmesg snippage 
(full dmesg below):

midi0 at pcppi0: 
umidi0 at uhub2 port 2 configuration 1 interface 0
umidi0: ? product 0x0011, rev 1.10/0.01, addr 2
umidi0: (genuine USB-MIDI)
umidi0: out=1, in=1
midi1 at umidi0: 

"apropos midi" told me about midiplay(1) in the core OS.  midiplay seems 
to recognize the USB device:

$ midiplay -l  
0: PC speaker
1: USB MIDI I/F

Looks promising.  I plugged the (WinXP-notwork) MIDI-jacks into the 
keyboard, and sure enough, it would play:

$ midiplay -d 1 Another_One_Bites_the_Dust.mid  
^C

Wow, that rocks :)  It "just works"(tm) in OpenBSD.  And the documentation 
is correct and to the point.  My hat is off to you..


ciao,
chakl

full dmesg: [Toshiba Satellite A50 notebook]

OpenBSD 4.0 (GENERIC) #0: Thu Oct 19 14:43:36 CEST 2006
[EMAIL PROTECTED]:/share/src40/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.60GHz ("GenuineIntel" 686-class) 1.60 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1600 MHz (1340 mV): speeds: 1600, 1400, 1200, 1000, 
800, 600 MHz
real mem  = 518877184 (506716K)
avail mem = 465342464 (454436K)
using 4256 buffers containing 26046464 bytes (25436K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(63) BIOS, date 04/28/04, BIOS32 rev. 0 @ 0xfc123, 
SMBIOS rev. 2.3 @ 0xec000 (39 entries)
bios0: TOSHIBA Satellite A50
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high, estimated 2:05 hours
apm0: flags 20102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf01b0/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x1 0xe/0x1!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82852GM Hub-PCI" rev 0x02
"Intel 82852GM Memory" rev 0x02 at pci0 dev 0 function 1 not configured
"Intel 82852GM Configuration" rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 "Intel 82852GM AGP" rev 0x02: aperture at 
0xd800, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82852GM AGP" rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x03: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x03: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x03: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x03: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x83
pci1 at ppb0 bus 1
iwi0 at pci1 dev 5 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: irq 11, 
address 00:0e:35:6b:2b:7b
"TI TSB43AB21 FireWire" rev 0x00 at pci1 dev 7 function 0 not configured
fxp0 at pci1 dev 8 function 0 "Intel PRO/100 VE" rev 0x83, i82562: irq 11, 
address 00:0e:7b:e8:0b:1c
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cbb0 at pci1 dev 11 function 0 "Toshiba ToPIC100 CardBus" rev 0x33: irq 11
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0x0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x03
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x03: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ult

Re: nokia IP120 problem

2006-10-19 Thread Olaf Schreck 
On Wed, Oct 18, 2006 at 11:29:11PM +0100, Stuart Henderson wrote:
> On 2006/10/19 00:57, Denis Doroshenko wrote:
> > i saw, the mails recently WRT software reboot, but that's the
> > least problem with mine. the poor beast locks solid after random
> > period of time (that's why it came to me). have thrown that bloody
> > early-fbsd-hacked-into-ipso and put the latest snapshots. well
> > it locks still, even at the boot prompt! ethernet leds go off and
> > the box rests enlessly.
> 
> sounds like hardware. maybe worth trying another psu.

Seconded.  Seen the same behavior with two hardware platforms that 
had a poor PSU.  Not Nokias, though.


ciao,
chakl

AMD Geode LX 800 supported?

2006-07-27 Thread Olaf Schreck 
Hi,

Anyone know whether AMD Geode LX-800 CPUs (CS-5536 chipset) are 
supported?  It is not listed on www.openbsd.org/i386.html


Thanks,
chakl

Re: enable ssl-mysql in snort (ports build)

2005-11-15 Thread Olaf Schreck 
Hi,

> works fine except that I want the communication between Snort (on 
> firewall) and Mysql Server (currently my desktop for testing) to be 
> encrypted. In the past I had done this on OpenBSD using Stunnel with 
> mysql 3.xx.xx. I'm trying to get it all going with ssl enabled mysql  
> client and server.

Not supported by snort.  To get encrypted DB logging use stunnel, ssh or 
IPSec.

Apart from that it's a bad idea.  SQL logging from the snort process 
will create overhead that will slow down the detection engine to the 
point that it might miss packets.  Adding SSL to that would increase 
the overhead even more.

Look at barnyard for SQL logging from snort, and use any transport 
encryption method you prefer.


ciao,
chakl

Re: snortsam compiling problems

2005-09-15 Thread Olaf Schreck 
> Yes, I tried to use 3.7
> wich version should I use ?

3.7 and ssp_pf2 plugin (when it's released, real soon now)


ciao,
chakl

Re: snortsam compiling problems

2005-09-15 Thread Olaf Schreck 
> aclocal: "Provide an AUTOMAKE_VERSION enviroment variable, please"
> autoheader: "Provide an AUTOCONF_VERSION enviroment variable, please"

Do what you're told.  Create these environment variables.  Do 
"ls -l /usr/local/bin/auto*" to see what versions numbers to put there.

> PS.: snort 2.1.2 from the ports

That's *wy* old, better compile 2.4.x from source.  If you do that, 
prepare to install automake-1.6 from source as well.

> and snortsam 2.40 from the source

Are you running 3.7?  The snortsam pf plugin won't work on 3.7.  I have 
a new pf2 plugin that will work, but it's not ready for prime time yet.


ciao,
chakl

Re: rc.local / snort startup help

2005-09-15 Thread Olaf Schreck 
> However, a log is created in /nsm/em0/today/em0.snort.log.1126727428
> which is 24 bytes that I can't read

That's from unified logging which is roughly pcap format.  The 24 bytes 
are similar to the pcap file header, i.e. it is an empty log file.

> Question 1) Is snort running but not shown w/ the ps flags I'm using?  

I use "ps auxww", the snort process should show up.  If it doesn't, 
you probably have configuration errors.  See also the -T flag (test mode).

> Question 2) Does anyone know how to read the snort.log file?

I use barnyard for this.  You may want to change unified logging to 
syslog logging in order to see alerts in plaintext.

> Question 3) if there is an error with a script in rc.local where does
> the error get logged?

That's up to you and your app, there's no special mechanism.


ciao,
chakl

Re: ldap ldif problem on bsd 3.7

2005-06-06 Thread Olaf Schreck 
Markus,

> > What do the entries before and after line 421 look like?
> 
> 420   modifyTimestamp: 20050531112005Z
> 421
> 422   dn: ou=addr,uid=markert,ou=Users,ou=OxObjects,dc=suchtreffer,dc=de

I meant the whole records, not single lines.  Records are separated by 
blank lines.  Try to find the offending records and look at them more 
closely.

Cheap shot: spurious blank characters? 

ciao,
-- 
Olaf Schreck[EMAIL PROTECTED]syscall() Network Solutions, Berlin

Re: ldap ldif problem on bsd 3.7

2005-06-06 Thread Olaf Schreck 
> afaiR, ldif files can't have blank lines

nonsense.

> >slapadd: could not parse entry (line=421)
> >added: 
> >"ou=addr,uid=markert,ou=Users,ou=OxObjects,dc=suchtreffer,dc=de" (0019)
> >
> >but the line 421 is empty. strange.

What do the entries before and after line 421 look like?
What happens when you comment out either one, or both?
What follows the record shown as "added" above?


ciao,
chakl
-- 
Olaf Schreck[EMAIL PROTECTED]syscall() Network Solutions, Berlin

Re: [e-daf-info] Nr. 5/2005: Den Waehlern auf der Spur

2005-05-31 Thread Olaf Schreck 
On Tue, May 31, 2005 at 11:26:54AM +0200, [EMAIL PROTECTED] wrote:
> INFOBRIEF DEUTSCH ALS FREMDSPRACHE (E-DaF-Info)

I have asked this guy twice to stop spamming misc@, and I know of 
at least two other misc@ readers who did the same.

Apart from plain lies ("address has been deleted", "blocked from 
resubscribing", "double opt-in"), he keeps spamming, search the 
archives for "e-daf".

Here's the contact information, in case you want to drop a note:

Andreas Westhofen, M.A.
- Online-Redaktion -
Tel: +49/(0)211/81-15182
Fax: +49/(0)211/81-12537
E-Mail: [EMAIL PROTECTED]


ciao,
chakl

sched_get_priority_min() ?

2005-05-26 Thread Olaf Schreck 
Hi,

I'm trying to build fprobe (NetFlow probe, http://fprobe.sourceforge.net/) 
on 3.7/i386, but linking bombs out with undefined references to 
sched_get_priority_{min,max}.

I see these declared in /usr/include/sched.h but I can't find the lib 
to link with.  Passing -lpthread doesn't help.  nm /usr/lib/* | grep ... 
doesn't show.  Found a few references to this in the gcc/libstdc++ and 
compat_linux src, but this is getting too deep for me..

This is only used to set 2 vars so it's easily faked if I knew what to 
put there:
sched_min = sched_get_priority_min(SCHED);
sched_max = sched_get_priority_max(SCHED);

Anyone could shine a light?  Thanks in advance.


ciao,
chakl