Snort mailing list archives

Fwd: Re: abnormal spade behavior!

From: Mahdi Kefayati <kefaiati () yahoo com>
Date: Tue, 25 Feb 2003 11:32:54 -0800 (PST)


 
 Note: forwarded message attached.



---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, and more

--- Begin Message --- From: Mahdi Kefayati <kefaiati () yahoo com>
Date: Mon, 24 Feb 2003 20:30:15 -0800 (PST)


In the Name of the Dearest
Dear James
AsIdon have access to my IDS now and you know spade versions are somehowcomplicated I don't know what versionI use, 
Just I know it's the version comming with snort-stable (1.9.0) and I'vedownloaded it about 2weeks ago.
I've read the Documentation. I myself enabled the survey also enabled database reporting and I saw some alerts there, 
survey files are also created.But spade.rcv is never created. spade.log was created at some start ups but was empty 
andsome times there wereamessage telling that snort is okbut spade has shut down! by the way I'm using snort 1.9.0 on 
redhat 8.0, AMD Athlon 900 + 128MB of RAM. and I run a fresh proccess of snort for spade with no rules, just spade 
preproccessors and database output.
Regards
Mahdi Kefayati
 James Hoagland <jim () SiliconDefense com> wrote:At 12:31 AM -0800 2/24/03, Mahdi Kefayati wrote:

In the Name of the Dearest

Hi Everybody

I'm running spade using the standard conf file bundled
with spade; however, when I run snort using that conf
file no spade.rcv and spade.log file is created but
survey files are created! Also when I merge spade
configs with snort main conf file, snort runs properly
but spade catches a kill signal and stops working.


Mahdi,

What version of Spade are you using?

Note that the spade.rcv file will only be created periodically (by 
default after 50000 updates), on certain signals, and on snort exit. 
Spade.log is only created on snort exit.

Also, if you are using the standard configuration, you should not be 
seeing any survey files since survey mode is disabled in that 
document.

Kind regards,

Jim
-- 
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: The Cyberwar Defense Company --- *|
|* jim () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|


---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, and more

--- End Message ---

Current thread:

abnormal spade behavior! Mahdi Kefayati (Feb 24)
- Re: abnormal spade behavior! James Hoagland (Feb 24)
- <Possible follow-ups>
- Fwd: Re: abnormal spade behavior! Mahdi Kefayati (Feb 25)