RE: snortcenter problem

["josh" <josh () silicondefense com>]

Jeez, never mind my web server prints 404 page not found in ascii art.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of josh
Sent: Tuesday, December 17, 2002 1:18 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snortcenter problem

I have snortcenter running with ssl and after working through a few ssl
errors I got it to a point where it's doing something weird. Has anybody
seen this message or know what it means? Looks like the out put you
would see from a bad regex line as if someone said s/[a-bA-B0-9\n\ ]//g
cause as you can see below there is nothing but "_|/\,'`()" in there.
Maybe snortcenter prints it's alerts in ascii art but strips the \n's
out:)

Sensor Message   
  _  _    ___  _  _     ____                    _   _       _| || |  / _
\| || |   |  _ \ __ _  __ _  ___  | \ | | ___ | |_| || |_| | | | || |_
| |_) / _` |/ _` |/ _ \ |  \| |/ _ \| __||__   _| |_| |__   _| |  __/
(_| | (_| |  __/ | |\  | (_) | |_   |_|  \___/   |_|   |_|   \__,_|\__,
|\___| |_| \_|\___/ \__|                                  |___/ _____
_|  ___|__  _   _ _ __   __| || |_ / _ \| | | | '_ \ / _` ||  _| (_) |
|_| | | | | (_| ||_|  \___/ \__,_|_| |_|\__,_|
 
Is this a problem that occurs when you do not have the Net::SSLeay Perl
module? ... Nope I install the PM and it still gives me this gibberish.

 
   
  SnortCenter v0.9.6 Copyright C 2001, 2002 Stefan Dens  
   



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Eli Stair
Sent: Thursday, December 12, 2002 5:08 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Problems with display, new inst

Stefan, thanks for your response.

That is a chicken-and-egg.  While on my first use of SnortCenter I
installed it
into a machine that had previously had a standalone Snort install that
was reporting
to a remote SQL database, and thus the database had the sensor info, and
alerts etc 
pre-existing... on this machine I am following the "correct procedure"
of the
install docs in which snort is never actually run (and thus no sensor id
established)
until after the SC console is up and running.

In both docs I am referencing, the procedure goes roughly 1) Web server
config, 2)
SnortCenter console install, (optionally ACID also) 3) Snortcenter AGENT
installed
on the sensor box.  The problem is manifesting right after stage 2.  

What happens (incorrectly) is that after SC is live, upon loading it I
get the
"little oval box", thus cannot use the built-in function to create the
tables in
the database.  Soo... I use the script manually, then upon loading I get
the login
box, default admin/change works but _THEN_ I get the blank oval again.
The site
goes immediately to /sensor.php.  It's not until after these steps that
(according 
to both docs) I would install the agent, thus connecting to the database
and adding 
a sensor ID. Unless I am grossly mistaken.

In my first use of SC I had no issues, possibly because the entire
working 
database existed.  Am I possibly running into a step that needs to be
re-arranged?
But if I need to run the agent first to generate the sensor ID in the
database,
how would it connect to SC in the first place, since I won't have been
able to
specify the configuration of rules and agent info?

I'm running myself around here as you can see.  Thanks for any ideas you
can
shoot my way Stefan (or anyone else :)  I'm sure that this is just a
screwup
I'm having conceptual difficulties with.

/eli

 
> Did you already create a sensor and import the rules from the
internet?
> The little oval box is empty when there is nothing in the database to
show.
 
> Stefan D.


> > I'm installing on a new machine and having some issues I haven't seen
before.  
> > ACID is loading, but none of the PHP graphics are showing up, i.e.
the colored
> > backgrounds, highlights etc.  Also SnortCenter is not loading
properly, but
> > a more critical problem.  The gifs for title bar, footer etc show up
but all
> > that is dynamically displayed by the php is a little oval-ish box in
the center
> > of the screen, none of the content that is supposed to appear is
there.
> > I'm running Apache 2.0.43, PHP 4.2.3, ADOdb 2.50, MySQL 4.0.5 on a
linux box.  
> > In all other ways Apache and PHP are working fine.  phpinfo displays
OK, MySQLAdmin 
> > is working. All perms are apache:apache, not using symlinks out of
wwwroot, 
> > ACID and SC are both in a directory with other PHP apps that are
working fine.
> > MySQL users are valid, and when using an invalid user/pass both apps
fail normally.
> > There are no errors in the logs during the period when this is
tested.
> > I'm at a loss on this, all software is the same as in use on another
machine.
> > Fresh configuration, everything double-checked against both the
Snort-Enterprise
> > Implementation docs and the official ACID installation and
configuration.
> > All ideas and suggestions on troubleshooting this are welcome!
> >
> > Thanks,

-- 
CAUTION: Repeated use of finger can cause a system to become overloaded,
which can cause it to stop responding.
--Infinite wisdom from the font that is ISS 6.2.1


-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users