Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OPENFPC Proxy merge

From: Jeremy Hoel <jthoel () gmail com>
Date: Wed, 18 Dec 2013 08:49:15 -0700
If you go to where you pcaps are kept and look at them, can you tcpdump the
packets that you are looking for?  Let's make sure the data is there.

Once that works we can turn on debug for a few more things.  Adding the
debug to the client doesn't always turn it on for the other parts.
 On Dec 18, 2013 6:11 AM, "Kevin Ross" <kevross33 () googlemail com> wrote:


Hi,

Still no luck with it and no idea what is actuall wrong. I have tried
debug run directly on the hosts (the capture nodes)

----Config----
Server   :  localhost
Port     :  4242
User     :  REMOVED
Action   :  fetch
Logtype  :  auto
Logline  :  0
Filename :  /tmp/out.pcap
SumType  :  0
Last     :  30
stime    :  1387371705 Wed Dec 18 13:01:45 2013
etime    :  1387371735 Wed Dec 18 13:02:15 2013


   * openfpc-client 0.6 *
   Part of the OpenFPC project

Logline created from session IDs: ofpc-v1 type:search sip:REMOVED
stime:1387371705 etime:1387371735 timestamp:
Password for user fpc :
DEBUG: Connected to localhost
DEBUG: Sent Request
Problem processing request: 0

I thought maybe it was an SELINUX issue so I have both relabelled the
filesystem and then after that not working I have disabled SELINUX but
still doesn't work. It is running according to status & also it is making
captures on the disk fine.

Thanks,
Kevin


On 17 December 2013 20:32, Leon Ward <lward () sourcefire com> wrote:


Trying to send again. I don't think the 1st try made it to the list...


On 17 December 2013 12:09, Joel Esler (jesler) <jesler () cisco com> wrote:


Forwarded to the developer.



Yeah, that would be me - although I'm fighting to find any time to look
at it right now so it's becoming a little out of date. I've got a long todo
list to work though. Are there any logs you could share to help work out
what could be broken?

I suggest you start up the openfpc daemon interactively with --debug and
make the request again.

-L




On Dec 17, 2013, at 11:25 AM, Kevin Ross <kevross33 () googlemail com>
wrote:


Hi,

Running openfpc. Was working fine for months and months and now this

when I try and get a PCAP (nothing changed aside from maybe updates: unable
to proxy-merge


Has anyone run into this (I am asking on this userlist as it was a

sourcefire employee made tool :)


Thanks,
Kevin


------------------------------------------------------------------------------

Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into

your

Java,.NET, & PHP application. Start your 15-day FREE TRIAL of

AppDynamics Pro!



http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________

Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest

Snort news!



------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into
your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of
AppDynamics Pro!

http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!








------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: