Snort mailing list archives
RE: snortcenter problem
From: "josh" <josh () silicondefense com>
Date: Tue, 17 Dec 2002 14:44:35 -0800
Jeez, never mind, my web server prints 404 page not found in ASCII art.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of josh
Sent: Tuesday, December 17, 2002 1:18 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snortcenter problem

I have snortcenter running with ssl and after working through a few ssl errors I got it to a point where it's doing something weird. Has anybody seen this message or know what it means? Looks like the output you would see from a bad regex line as if someone said s/[a-bA-B0-9\n\ ]//g 'cause as you can see below there is nothing but "_|/\,'`()" in there. Maybe snortcenter prints its alerts in ASCII art but strips the \n's out :)

Sensor Message _ _ ___ _ _ ____ _ _ _| || | / _ \| || | | _ \ __ _ __ _ ___ | \ | | ___ | |_| || |_| | | | || |_ | |_) / _` |/ _` |/ _ \ | \| |/ _ \| __||__ _| |_| |__ _| | __/ (_| | (_| | __/ | |\ | (_) | |_ |_| \___/ |_| |_| \__,_|\__, |\___| |_| \_|\___/ \__| |___/ _____ _| ___|__ _ _ _ __ __| || |_ / _ \| | | | '_ \ / _` || _| (_) | |_| | | | | (_| ||_| \___/ \__,_|_| |_|\__,_|

Is this a problem that occurs when you do not have the Net::SSLeay Perl module? ... Nope, I installed the PM and it still gives me this gibberish.

SnortCenter v0.9.6 Copyright C 2001, 2002 Stefan Dens

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Eli Stair
Sent: Thursday, December 12, 2002 5:08 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Problems with display, new inst

Stefan, thanks for your response. That is a chicken-and-egg. While on my first use of SnortCenter I installed it into a machine that had previously had a standalone Snort install that was reporting to a remote SQL database, and thus the database had the sensor info, and alerts etc pre-existing... on this machine I am following the "correct procedure" of the install docs in which snort is never actually run (and thus no sensor id established) until after the SC console is up and running.

In both docs I am referencing, the procedure goes roughly 1) Web server config, 2) SnortCenter console install, (optionally ACID also) 3) Snortcenter AGENT installed on the sensor box. The problem is manifesting right after stage 2.

What happens (incorrectly) is that after SC is live, upon loading it I get the "little oval box", thus cannot use the built-in function to create the tables in the database. Soo... I use the script manually, then upon loading I get the login box, default admin/change works but _THEN_ I get the blank oval again. The site goes immediately to /sensor.php. It's not until after these steps that (according to both docs) I would install the agent, thus connecting to the database and adding a sensor ID. Unless I am grossly mistaken.

In my first use of SC I had no issues, possibly because the entire working database existed. Am I possibly running into a step that needs to be re-arranged? But if I need to run the agent first to generate the sensor ID in the database, how would it connect to SC in the first place, since I won't have been able to specify the configuration of rules and agent info? I'm running myself around here as you can see.

Thanks for any ideas you can shoot my way Stefan (or anyone else :) I'm sure that this is just a screwup I'm having conceptual difficulties with.

/eli

Did you already create a sensor and import the rules from the internet? The little oval box is empty when there is nothing in the database to show.

Stefan D.

I'm installing on a new machine and having some issues I haven't seen before.

ACID is loading, but none of the PHP graphics are showing up, i.e. the colored backgrounds, highlights etc. Also SnortCenter is not loading properly, but a more critical problem. The gifs for title bar, footer etc show up but all that is dynamically displayed by the php is a little oval-ish box in the center of the screen, none of the content that is supposed to appear is there.

I'm running Apache 2.0.43, PHP 4.2.3, ADOdb 2.50, MySQL 4.0.5 on a linux box. In all other ways Apache and PHP are working fine. phpinfo displays OK, MySQLAdmin is working. All perms are apache:apache, not using symlinks out of wwwroot, ACID and SC are both in a directory with other PHP apps that are working fine. MySQL users are valid, and when using an invalid user/pass both apps fail normally. There are no errors in the logs during the period when this is tested.

I'm at a loss on this, all software is the same as in use on another machine. Fresh configuration, everything double-checked against both the Snort-Enterprise Implementation docs and the official ACID installation and configuration.

All ideas and suggestions on troubleshooting this are welcome! Thanks,

--
CAUTION: Repeated use of finger can cause a system to become overloaded, which can cause it to stop responding. --Infinite wisdom from the font that is ISS 6.2.1

-------------------------------------------------------
This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users