Snort mailing list archives
Re: SnortCenter v1.0-RC1 works?
From: "Y P Chien" <ypchien () is-focus net>
Date: Tue, 16 Sep 2003 06:11:05 +0800
I have snortcenter-RC1 installed on RedHat 8.0. I was able to import the Snort rules from the Internet and "View" the rules under the "Resource" menu. I was also able to view the Variables, Preprocessors, Output Plugins, etc. under the "Resource" menu. Furthermore, I was able to bring out the "Variable Selection", "Preprocessor Selection", etc. pages under the "Sensor Configuration" menu EXCEPT the "Rule Selection".

When I choose the "Rule Selection" under "Sensor Configuration", I get a Database Error with the following error message:

Warning: Division by zero in /var/www/html/snortcenter/sensor_rules.php on line 370

As such, I was not able to configure and push rules to the Snort.conf file on the sensor. Other than the problem of configuring the rules, I was able to push all the rest of the configurations to the sensor.

So what did you do to make it work?

Any help will be greatly appreciated.

YP

----- Original Message -----
From: "Eric Baur" <Eric.Baur () Certegy com>
To: <snort-users () lists sourceforge net>
Sent: Monday, September 15, 2003 10:36 PM
Subject: RE: [Snort-users] SnortCenter v1.0-RC1 works?

Can't offer much, except to say that my installation is working.

At a guess, however, are there already rules in the database? (ie: did you already "update from internet" or add rules of your own?) I can imagine that error arising from not having any rules to select.

???

Eric

-----Original Message-----
From: SecurityAdmin () aspentech com [mailto:SecurityAdmin () aspentech com]
Sent: Monday, September 15, 2003 6:31 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] SnortCenter v1.0-RC1 works?

I get the same error as Dax, running snort 2.01 on FreeBSD 4.8 with a remote MySQL server 3.23.57 and I've tried everything to correct it without success.

-----Original Message-----
From: Y P Chien [mailto:ypchien () is-focus net]
Sent: Friday, September 12, 2003 2:49 PM
To: Dax Kelson
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] SnortCenter v1.0-RC1 works?

I am wondering whether anybody has had SnortCenter v1.0-RC1 working at all? I have posted a similar question before regarding the problem of the "Rule Selection" under "Sensor Configuration".

When you choose the "Rule Selection" under "Sensor Configuration", you will get the Database Error with the following error message:

Warning: Division by zero in /var/www/html/snortcenter/sensor_rules.php on line 370

As such, I was not able to configure and push rules to the Snort.conf file on the sensor. I was able to push all the rest of the configurations to the sensor.

Any suggestions and help we can get will be greatly appreciated.

YP

----- Original Message -----
From: "Dax Kelson" <Dax () GuruLabs com>
To: <snort-users () lists sourceforge net>
Sent: Saturday, September 06, 2003 11:20 AM
Subject: [Snort-users] SnortCenter v1.0-RC1 works?

I was wondering if anyone has tried out SnortCenter v1.0-RC1?

This is my experience so far: I was wondering if anyone has encountered the same or gotten further.

===================================

I'm using ADODB v372.

I changed the following lines in my snortcenter/config.php (real values changed to protect the innocent):

$DBlib_path = "/var/www/adodb-372/";
$DB_user = "snortc";
$DB_password = "snortcpass";
$hidden_key_num = "114096721009";

I configured Mysql and created the schema with:

# mysql snortcenter < /var/www/html/snortcenter/snortcenter_db.mysql

In the SnortCenter web interface I changed my admin password and then did:

Admin -> Import/Update Rules -> Update from Internet

The following error shows up on the screen:

Database ERROR: Database ERROR:Unknown column 'byte_jump' in 'field list'

If I grep for "byte_jump" in the snortcenter_db files I don't get any matches.

Also, in my web server error log these entries appeared:

tar: rules/attack-responses.rules: Wrote only 4096 of 10240 bytes
tar: Skipping to next header
tar: rules/bad-traffic.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/ddos.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/dns.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/exploit.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/icmp-info.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/imap.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/multimedia.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/nntp.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/other-ids.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/policy.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/porn.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: Archive contains obsolescent base-64 headers
tar: rules/rservices.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/shellcode.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/snmp.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/telnet.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/web-attacks.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/web-client.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/web-frontpage.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/web-misc.rules: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/x11.rules: Wrote only 0 of 10240 bytes
tar: rules/classification.config: Wrote only 0 of 10240 bytes
tar: Skipping to next header
tar: rules/reference.config: Wrote only 0 of 10240 bytes
tar: rules/snort.conf: Wrote only 0 of 10240 bytes
tar: Error exit delayed from previous errors

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:
- SnortCenter v1.0-RC1 works? Dax Kelson (Sep 05)
- Re: SnortCenter v1.0-RC1 works? Y P Chien (Sep 12)
- <Possible follow-ups>
- RE: SnortCenter v1.0-RC1 works? SecurityAdmin (Sep 15)
- RE: SnortCenter v1.0-RC1 works? Eric Baur (Sep 15)
- RE: SnortCenter v1.0-RC1 works? Joerg Weber (Sep 15)
- Re: SnortCenter v1.0-RC1 works? Y P Chien (Sep 15)
- Re: SnortCenter v1.0-RC1 works? Y P Chien (Sep 15)