Snort mailing list archives

Re: How can I tell if spade is running?


From: James Hoagland <hoagland () silicondefense com>
Date: Wed, 29 Aug 2001 07:51:47 -0700

At 9:18 AM +0100 8/29/01, Matthew Collins wrote:
 >>> James Hoagland <hoagland () silicondefense com> 28/08/01 16:40:37 >>>

Just wondering.  For what reason did you change CallAlertFuncs to
CallAlertPlugins?

I noticed that stream4 was using that, rather than CallAlertFuncs, so just thought I'd try it.

There doesn't seem to be too much difference, but as far as I know CallAlertFuncs is the one Spade is supposed to call.


 >>I don't know why I only got the Fatal error message when I put the
debug level up, looking at the code it should always produce that
message.

Not sure.  To start with I'd need to know how you changed the debug
level.  And also precisely what error message you got.

I set as_debug = 1 at the top of the spp_anomsensor.c file.
The error message was
FATAL ERROR: spp_anomsensor: unable to open /var/log/spade./log.txt

You are right, it shouldn't matter according to the code. Therefore I suspect that some other change was made at the same time as setting as_debug, which caused the error to show up. Or perhaps the message was not noticed before. That's all I can think of.

Spade had not been running long, an hour at the most. I was playing around with settings as well. I'm going to keep an eye out for it now it's all settled down again.

That may well not have been long enough, depending on your network.

Good luck,

  Jim
--
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland () SiliconDefense com                *|
|*              http://www.silicondefense.com/              *|
|*      Silicon Defense - Technical Support for Snort       *|
|*  Voice: (530) 756-7317              Fax: (530) 756-7297  *|
