[Snort-users] SnortCenter v1.0-RC1 works?

Y P Chien ypchien at ...9824...
Mon Sep 15 15:12:05 EDT 2003


I have snortcenter-RC1 installed on RedHat 8.0.

I was able to import the Snort rules from the Internet and "View" the rules
under the "Resource" menu.
I was also able to view the Variables, Preprocessors, Output Plugins, etc.
under the "Resource" menu.
Furthermore, I was able to bring out the "Variable Selection",
"Preprocessor Selection", etc. pages under the "Sensor Configuration" menu
EXCEPT the "Rule Selection".
When I choose the "Rule Selection" under "Sensor Configuration", I got a
Database Error with the following error message:

  Warning: Division by zero in /var/www/html/snortcenter/sensor_rules.php on line 370

  As such, I was not able to configure and push rules to the Snort.conf file
on the sensor.  Other than the problem of configuring the rules, I was
able to push all the rest of the configurations to the sensor.

  So what did you do to make it work?  Any help will be greatly appreciated.

  YP



----- Original Message ----- 
From: "Eric Baur" <Eric.Baur at ...8629...>
To: <snort-users at lists.sourceforge.net>
Sent: Monday, September 15, 2003 10:36 PM
Subject: RE: [Snort-users] SnortCenter v1.0-RC1 works?


>
> Can't offer much, except to say that my installation is working.  At
> a guess, however, are there already rules in the database?  (ie: did you
> already "update from internet" or add rules of your own?)
> I can imagine that error arising from not having any rules to
> select.  ???
>
> Eric
>
> -----Original Message-----
> From: SecurityAdmin at ...7345... [mailto:SecurityAdmin at ...7345...]
> Sent: Monday, September 15, 2003 6:31 AM
> To: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] SnortCenter v1.0-RC1 works?
>
>
> I get the same error as Dax, running snort 2.01 on FreeBSD 4.8 with a remote
> MySQL server 3.23.57 and I've tried everything to correct it without
> success.
>
> -----Original Message-----
> From: Y P Chien [mailto:ypchien at ...9824...]
> Sent: Friday, September 12, 2003 2:49 PM
> To: Dax Kelson
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] SnortCenter v1.0-RC1 works?
>
> I am wondering if anybody has had SnortCenter v1.0-RC1 working at all?
> I have posted a similar question before regarding the problem of the "Rule
> Selection" under "Sensor Configuration".
>
> When you choose the "Rule Selection" under "Sensor Configuration", you will
> get the Database Error with the following error message:
>
>   Warning: Division by zero in /var/www/html/snortcenter/sensor_rules.php on line 370
>
>   As such, I was not able to configure and push rules to the Snort.conf file
> on the sensor.  I was able to push all the rest configurations to the
> sensor.
>
>   Any suggestion and help we can get, will be greatly appreciated.
>
>   YP
>
> ----- Original Message ----- 
> From: "Dax Kelson" <Dax at ...10042...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Saturday, September 06, 2003 11:20 AM
> Subject: [Snort-users] SnortCenter v1.0-RC1 works?
>
>
> > I was wondering if anyone has tried out SnortCenter v1.0-RC1?
> >
> > This is my experience so far:
> >
> > I was wondering if anyone has encountered the same or gotten
> > further.
> >
> > ===================================
> >
> > I'm using ADODB v372.
> >
> > I changed the following lines in my snortcenter/config.php.
> >
> > (real values changed to protect the innocent)
> >
> > $DBlib_path     = "/var/www/adodb-372/";
> > $DB_user        = "snortc";
> > $DB_password    = "snortcpass";
> > $hidden_key_num = "114096721009";
> >
> > I configured MySQL and created the schema with:
> >
> > # mysql snortcenter < /var/www/html/snortcenter/snortcenter_db.mysql
> >
> > In the SnortCenter web interface I changed my admin password and then
> > did:
> >
> > Admin -> Import/Update Rules -> Update from Internet
> >
> > The following error shows up on the screen:
> >
> > Database ERROR: Database ERROR:Unknown column 'byte_jump' in 'field list'
> >
> > If I grep for "byte_jump" in the snortcenter_db files I don't get any
> > matches.
> >
> > Also, in my web server error log these entries appeared:
> >
> > tar: rules/attack-responses.rules: Wrote only 4096 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/bad-traffic.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/ddos.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/dns.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/exploit.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/icmp-info.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/imap.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/multimedia.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/nntp.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/other-ids.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/policy.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/porn.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: Archive contains obsolescent base-64 headers
> > tar: rules/rservices.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/shellcode.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/snmp.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/telnet.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/web-attacks.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/web-client.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/web-frontpage.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/web-misc.rules: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/x11.rules: Wrote only 0 of 10240 bytes
> > tar: rules/classification.config: Wrote only 0 of 10240 bytes
> > tar: Skipping to next header
> > tar: rules/reference.config: Wrote only 0 of 10240 bytes
> > tar: rules/snort.conf: Wrote only 0 of 10240 bytes
> > tar: Error exit delayed from previous errors
> >
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >