[Snort-users] Where's Waldo?

AllowOverride allowoverride at ...11827...
Wed Oct 10 14:12:33 EDT 2012


thank you for understanding. appreciate the input always joel

On Wed, 2012-10-10 at 12:46 -0400, Joel Esler wrote:
> Everyone should act professional on this list.  Thank you.
> 
> As far as not everything being packaged together, we have some thoughts around that as far as development is concerned, but that's a consistent problem.
> 
> On Oct 10, 2012, at 12:14 PM, AllowOverride <allowoverride at ...11827...> wrote:
> 
> > yah,,, im going to have you to ask them not to pick on me either... im
> > just trying to figure out snort, barnyard2, pulledpork, and others, as
> > they are not all packaged together, well except for the obvious. ill try
> > not to cuss, but do say a few bytes to those aiming aggression and rally
> > support against me, thats very childish in my book.
> > 
> > 
> > On Wed, 2012-10-10 at 12:01 -0400, Joel Esler wrote:
> >> I am going to have to ask you to stop with the language though.  There's no place for that here.  Either seek help, help others, or participate in the discussion.  
> >> 
> >> The below doesn't do any of the three.
> >> 
> >> Thank you.
> >> --
> >> Joel Esler
> >> Senior Research Engineer, VRT
> >> OpenSource Community Manager
> >> Sourcefire
> >> 
> >> 
> >> On Oct 10, 2012, at 11:50 AM, AllowOverride <allowoverride at ...11827...> wrote:
> >> 
> >>> i think you do not have a life taking shyt to someone you dont know in
> >>> an email. dick
> >>> 
> >>> On Wed, 2012-10-10 at 11:42 -0400, Jason wrote:
> >>>> I don't think I'm alone when I say you have been the first in a long
> >>>> time to end up on my ignore list. You have exhibited all the qualities
> >>>> of a troll, well executed even. I'm fairly comfortable in recommending
> >>>> to others that they place you into the same category.
> >>>> 
> >>>> I wish you luck on your journey but have to elect to no take part in
> >>>> you getting where ever you think you are going.
> >>>> 
> >>>> On Wed, Oct 10, 2012 at 11:37 AM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>>> who is we've. you represent everyone? who the hell are you...
> >>>>> i don't need your kinda of help. go away
> >>>>> 
> >>>>> On Tue, 2012-10-09 at 22:58 -0500, Paul Schmehl wrote:
> >>>>>> It's a very strange bug.  It only exists on your system.
> >>>>>> 
> >>>>>> We've been using base for as long as it's existed, and our copy has never
> >>>>>> had that bug.
> >>>>>> 
> >>>>>> --On October 9, 2012 8:09:54 PM -0700 AllowOverride
> >>>>>> <allowoverride at ...11827...> wrote:
> >>>>>> 
> >>>>>>> omg,,, thanks but i am fully aware of how to trbsht, sorry, im not going
> >>>>>>> to respond to all that... i think its a bug, been there done that
> >>>>>>> 
> >>>>>>> On Tue, 2012-10-09 at 20:46 -0500, Paul Schmehl wrote:
> >>>>>>>> --On October 9, 2012 12:08:11 PM -0700 AllowOverride
> >>>>>>>> <allowoverride at ...11827...> wrote:
> >>>>>>>> 
> >>>>>>>>>> Step 5: Verify that base can login to the db and read the alerts
> >>>>>>>>> its working - but when i clear the data tables on base browser gui, no
> >>>>>>>>> new data is being recorded.
> >>>>>>>> 
> >>>>>>>> OK.  Base does nothing more than to display what's in the database.  So,
> >>>>>>>> if  you empty the tables of data and no new data shows up, base is doing
> >>>>>>>> its  job.  The problem lies elsewhere.
> >>>>>>>> 
> >>>>>>>>> i noticed that if i restart the services, or
> >>>>>>>>> restart apache2, it will start displaying again... kinda odd, i would
> >>>>>>>>> have to restart anything,, wonders if base is really the right solution
> >>>>>>>>> at this point, or, maybe there is a switch to flick in it
> >>>>>>>> 
> >>>>>>>> In order to do fruitful troubleshooting, you have to take one step at a
> >>>>>>>> time.  Restart one service.  Does base start displaying alerts again?
> >>>>>>>> Then  that service is the problem.  If you restart several services and
> >>>>>>>> base  starts displaying alerts again, you have no way of knowing which
> >>>>>>>> service is  the problem.
> >>>>>>>> 
> >>>>>>>> Your problem sounds like one that used to occur with barnyard2 - lost
> >>>>>>>> connections to the database - but it's hard to tell without knowing
> >>>>>>>> which  service restarts the alerts.
> >>>>>>>> 
> >>>>>>>> Look at the timestamps and sizes on the snort logs.  Is it continually
> >>>>>>>> logging?  When the log files turn over, does the new one grow in size?
> >>>>>>>> 
> >>>>>>>> Paul Schmehl, Senior Infosec Analyst
> >>>>>>>> As if it wasn't already obvious, my opinions
> >>>>>>>> are my own and not those of my employer.
> >>>>>>>> *******************************************
> >>>>>>>> "It is as useless to argue with those who have
> >>>>>>>> renounced the use of reason as to administer
> >>>>>>>> medication to the dead." Thomas Jefferson
> >>>>>>>> "There are some ideas so wrong that only a very
> >>>>>>>> intelligent person could believe in them." George Orwell
> >>>>>>>> 
> >>>>>>> 
> >>>>>>> 
> >>>>>> 
> >>>>>> 
> >>>>>> 
> >>>>>> Paul Schmehl, Senior Infosec Analyst
> >>>>>> As if it wasn't already obvious, my opinions
> >>>>>> are my own and not those of my employer.
> >>>>>> *******************************************
> >>>>>> "It is as useless to argue with those who have
> >>>>>> renounced the use of reason as to administer
> >>>>>> medication to the dead." Thomas Jefferson
> >>>>>> "There are some ideas so wrong that only a very
> >>>>>> intelligent person could believe in them." George Orwell
> >>>>>> 
> >>>>> 
> >>>>> 
> >>>>> ------------------------------------------------------------------------------
> >>>>> Don't let slow site performance ruin your business. Deploy New Relic APM
> >>>>> Deploy New Relic app performance management and know exactly
> >>>>> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> >>>>> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> >>>>> http://p.sf.net/sfu/newrelic-dev2dev
> >>>>> _______________________________________________
> >>>>> Snort-users mailing list
> >>>>> Snort-users at lists.sourceforge.net
> >>>>> Go to this URL to change user options or unsubscribe:
> >>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>>>> Snort-users list archive:
> >>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>>>> 
> >>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> >>> 
> >>> 
> >>> ------------------------------------------------------------------------------
> >>> Don't let slow site performance ruin your business. Deploy New Relic APM
> >>> Deploy New Relic app performance management and know exactly
> >>> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> >>> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> >>> http://p.sf.net/sfu/newrelic-dev2dev
> >>> _______________________________________________
> >>> Snort-users mailing list
> >>> Snort-users at lists.sourceforge.net
> >>> Go to this URL to change user options or unsubscribe:
> >>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>> Snort-users list archive:
> >>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>> 
> >>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> >> 
> > 
> 





More information about the Snort-users mailing list