Re: Lets talk about ....

[AllowOverride <allowoverride () gmail com>]

hello jeremy, thanks for your input, ill consider your thoughts.
i installed seconion and yes it has configs and such to review.
not really my point of what im complaining about. it's the howtos.
have you been following all what i said, or just the last few emails.
in any event, you will notice a reoccurring them. see if you can find
it ;)

i find it funny how you and others write a lot of stuff, like you think
i dont know anything,
how about rather, jump in and help. 

it's called community.

my mentors always helped, im always looking for more.
i found a few here, so.. if you dont mind a few emails with valid
complaints, then 
everything is cool. 

if not, what can i say dude, nothing is quite clear, heck you are even 
pointing me to seconion, thats not a howto, and no new user will be able
to find 
out all the stuff required for all the pieces of the puzzling looking at
a config server.
you kidding? lolol

actually responding this email is a waste of time... ill try not to from
this point forward.
if you feel you know it all just say, pointing people to a man page or
google, well, 
thats not community in my book, nor is it friendly.

I NEVER SAY TO ANYONE, RTFM, LMGTFY, thats evil... 

are you evil?

ps. Mr. Bates is community :)
pss. who are you? dont bother me, im busy....

> --- Begin Message ---
>
>
> From: Jeremy Hoel <jthoel () gmail com>
>
> Date: Tue, 9 Oct 2012 15:51:57 +0000
>
> Honestly.. instead of going back and forth over and over and saying
> that the tools don't work, when everyone else here knows they do you
> should probably install security onion, see hows it works, including
> the settings,  options, integration's with databases and all that, see
> that it does work, and then use it to figure out why your system isn't
> working. Plus they you can try changes on a known good working system
> and see how they effect things and then integrate them into whatever
> scripts you keep talking about using.
>
> The tools work and it's not nearly as hard as you are making it.
>
> And BTW - criticizing the people that write the tools, that's probably
> not going to help your case.
>
>
> On Tue, Oct 9, 2012 at 3:43 PM, AllowOverride <allowoverride () gmail com> wrote:
> > reply, ok pcap got it. thanks. makes sense now.
> >
> > mine however does not say decoding when i start snort...
> >
> > like i have been saying something is not working...
> >
> > lots of little things are not working....
> >
> > thanks for hanging in there.
> >
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Peter Bates <peter.bates () ucl ac uk>
> > To:
> > Cc: <snort-users () lists sourceforge net>
> > Date: Tue, 9 Oct 2012 09:10:54 +0100
> > Subject: Re: [Snort-users] Lets talk about ....
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Hello all
> >
> > On 08/10/2012 23:28, AllowOverride wrote:
> > > next topic, revisited:
> > >
> > > u2spewfoo snort.log.1349734894
> > > get_record: (2) Failed to read all of record data.
> > >       Read 14476 of 33555456 bytes
> > >
> > > why?
> > >
> > > i run snort/barnyard2 this way: should i change?
> > >
> > > /usr/local/bin/snort -A fast -c /etc/snort/etc/snort.conf -i eth0 &
> >
> > I should have made it clearer in my previous email, but you should drop
> > the -A fast.
> >
> > # snort -A fast -c /etc/snort/snort.conf -i eth1
> > <snip>
> > Commencing packet processing (pid=7855)
> > Decoding Ethernet
> >
> > # ls -hl
> > total 12K
> > - -rw-r--r-- 1 root  snort  448 Oct  9 09:05 alert
> > - -rw------- 1 snort snort  480 Oct  9 09:05 snort.log.1349769868
> >
> > # file snort.log.1349769868
> > snort.log.1349769868: tcpdump capture file (little-endian) - version 2.4
> > (Ethernet, capture length 1514)
> >
> > Again, Snort is creating a pcap file and not a unified2 log.
> >
> > # snort -c /etc/snort/snort.conf -i eth1
> > <snip>
> > Commencing packet processing (pid=7882)
> > Decoding Ethernet
> >
> > # ls -hl
> > total 8.0K
> > - -rw------- 1 snort snort 1.2K Oct  9 09:07 snort.log.1349770017
> >
> > # file snort.log.1349770017
> > snort.log.1349770017: data
> >
> > # u2spewfoo snort.log.1349770017 |grep sig
> >         sig id: 10000001        gen id: 1       revision: 0
> > classification: 0
> >
> > Obviously when all is running fine you can daemonize with -D.
> > Using & you're backgrounding any startup errors you might see.
> >
> > After this I suspect barnyard2 will work fine as it
> > will have the unified2 input it is expecting.
> >
> > - --
> > Peter Bates
> > Senior Information Security Officer   Phone: +44(0)2076792049
> > Information Services Division         Internal Ext: 32049
> > University College London
> > London WC1E 6BT
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.17 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> >
> > iQEcBAEBAgAGBQJQc9wOAAoJELhVoVpEMS6RjaQH/3da/us0zZr+Pvn5fqZRN8lX
> > NVncLkQxX4KviNd/WgedSksIkNEtUCDROK6e5dWqHuX6mq2udEPTCmv0/nDOxY2a
> > wePhaGsdkgPkNEdn3OWBUQzpuolOf/QYfqVM3WgyS/jMIbyNkLKK251Sln3epvwX
> > 7MHTgNJTe02wsmLeteMbSAZPtkpMoQskqyhuBaI3ecAw5IuMDIjMWZIwXnlx+MZf
> > dZ+qjVOsR5P7n53WBSji5IuHSALjWZv/M+i8DnkwMSXiIepeajnhMN20BxJilWQL
> > 3g3dNn8XneM43sMsX6ZI5KLY9TDIzk5ZxrA6j9cJbYjmjPs6PV2GaE3X5lDrJIM=
> > =ABRW
> > -----END PGP SIGNATURE-----
> >
> >
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort
> > news!
> >
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort
> > news!
>
> --- End Message ---
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!