Re: OPENFPC Proxy merge

[Kevin Ross <kevross33 () googlemail com>]

Hi,

I restarted the daemons on the query machine with the web interface and the
2 nodes too. I never had too much time to look into it in detail but I will
provide logs of the error. I am not sure when it actually stopped working,
last thing I did was update ELSA although I am sure it was working after
then too (even though it did various updates as part of the process. I have
tried to get PCAP from Snorby and also from openfpc web interface.

I will provide more detailed info tomorrow and will probably restart all
the machines involved to see if that makes them happy again and check
permissions and things. Also SELINUX is disabled on this machine (not on
the capture machines though) because with Snorby, ELSA and other things it
was getting a bit much to manage.

Thanks,
Kevin


On 17 December 2013 17:20, Leon Ward <lward () sourcefire com> wrote:

> Yeah, that would be me - although I'm fighting to find any time to look at
> it right now.
>
> Any logs you could share off-list?
> Start up the openfpc daemon with --debug and make the request again
>
>
> On 17 December 2013 12:09, Joel Esler (jesler) <jesler () cisco com> wrote:
>
> > Forwarded to the developer.
> >
> > On Dec 17, 2013, at 11:25 AM, Kevin Ross <kevross33 () googlemail com>
> > wrote:
> >
> > > Hi,
> > >
> > > Running openfpc. Was working fine for months and months and now this
> > when I try and get a PCAP (nothing changed aside from maybe updates: unable
> > to proxy-merge
> > > Has anyone run into this (I am asking on this userlist as it was a
> > sourcefire employee made tool :)
> > > Thanks,
> > > Kevin
> > ------------------------------------------------------------------------------
> > > Rapidly troubleshoot problems before they affect your business. Most IT
> > > organizations don't have a clear picture of how application performance
> > > affects their revenue. With AppDynamics, you get 100% visibility into
> > your
> > > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of
> > AppDynamics Pro!
> > >
> > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Rapidly troubleshoot problems before they affect your business. Most IT
> > organizations don't have a clear picture of how application performance
> > affects their revenue. With AppDynamics, you get 100% visibility into your
> > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> > Pro!
> >
> > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!