Snort mailing list archives
Re: SnortCenter v1.0-RC1 works?
From: "Y P Chien" <ypchien () is-focus net>
Date: Sat, 13 Sep 2003 04:48:51 +0800
I am wondering anybody has had SnorCenter v1.0-RC1 working at all? I have posted similar question before regarding the problem of the "Rule Selection" under "Sensor Configuration". When you choose the "Rule Selection" under "Sensor Configuration", you will get the Database Error with the following error message: Warning: Division by zero in /var/www/html/snortcenter/sensor_rules.php on line 370 As such, I was not able to configure and push rules to the Snort.conf file on the sensor. I was able to push all the rest configurations to the sensor. Any suggestion and help we can get, will be greatly appreciated. YP ----- Original Message ----- From: "Dax Kelson" <Dax () GuruLabs com> To: <snort-users () lists sourceforge net> Sent: Saturday, September 06, 2003 11:20 AM Subject: [Snort-users] SnortCenter v1.0-RC1 works?
I was wondering if anyone has tried out SnortCenter v1.0-RC1? This is my experience so far: I was wondering if anyone can has encountered the same or gotten further. =================================== I'm using ADODB v372. I changed the following lines in my snortcenter/config.php. (real values changed to project the innocent) $DBlib_path = "/var/www/adodb-372/"; $DB_user = "snortc"; $DB_password = "snortcpass"; $hidden_key_num = "114096721009" I configured Mysql and created the schema with: # mysql snortcenter < /var/www/html/snortcenter/snortcenter_db.mysql In the SnortCenter web interface I changed my admin password and then did: Admin -> Import/Update Rules -> Update from Internet The follow error shows up on the screen: Database ERROR: Database ERROR:Unknown column 'byte_jump' in 'field list' If I grep for "byte_jump" in the snortcenter_db files I don't get any matches. Also, in my web server error log these entries appeared: tar: rules/attack-responses.rules: Wrote only 4096 of 10240 bytes tar: Skipping to next header tar: rules/bad-traffic.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/ddos.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/dns.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/exploit.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/icmp-info.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/imap.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/multimedia.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/nntp.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/other-ids.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/policy.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/porn.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: Archive contains obsolescent base-64 headers tar: rules/rservices.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/shellcode.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/snmp.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/telnet.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/web-attacks.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/web-client.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/web-frontpage.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/web-misc.rules: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/x11.rules: Wrote only 0 of 10240 bytes tar: rules/classification.config: Wrote only 0 of 10240 bytes tar: Skipping to next header tar: rules/reference.config: Wrote only 0 of 10240 bytes tar: rules/snort.conf: Wrote only 0 of 10240 bytes tar: Error exit delayed from previous errors ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SnortCenter v1.0-RC1 works? Dax Kelson (Sep 05)
- Re: SnortCenter v1.0-RC1 works? Y P Chien (Sep 12)
- <Possible follow-ups>
- RE: SnortCenter v1.0-RC1 works? SecurityAdmin (Sep 15)
- RE: SnortCenter v1.0-RC1 works? Eric Baur (Sep 15)
- RE: SnortCenter v1.0-RC1 works? Joerg Weber (Sep 15)
- Re: SnortCenter v1.0-RC1 works? Y P Chien (Sep 15)
- Re: SnortCenter v1.0-RC1 works? Y P Chien (Sep 15)