[Snort-users] OPENFPC Proxy merge

Kevin Ross kevross33 at ...14012...
Thu Dec 19 03:31:00 EST 2013


Hi,

Yup confirmed data is definitely in those PCAPs I am requesting using
tcpdump. When I request for the same data using the openfpc-client tool it
does not work. How do I enable more debug/where do I look for more
information for what it is having issues with (as -d isn't showing me the
failure reason).

Thanks,
Kevin


On 18 December 2013 15:49, Jeremy Hoel <jthoel at ...11827...> wrote:

> If you go to where your pcaps are kept and look at them, can you tcpdump
> the packets that you are looking for?  Let's make sure the data is there.
>
> Once that works we can turn on debug for a few more things.  Adding the
> debug to the client doesn't always turn it on for the other parts.
>  On Dec 18, 2013 6:11 AM, "Kevin Ross" <kevross33 at ...14012...> wrote:
>
>> Hi,
>>
>> Still no luck with it and no idea what is actually wrong. I have tried
>> debug run directly on the hosts (the capture nodes)
>>
>> ----Config----
>> Server   :  localhost
>> Port     :  4242
>> User     :  REMOVED
>> Action   :  fetch
>> Logtype  :  auto
>> Logline  :  0
>> Filename :  /tmp/out.pcap
>> SumType  :  0
>> Last     :  30
>> stime    :  1387371705 Wed Dec 18 13:01:45 2013
>> etime    :  1387371735 Wed Dec 18 13:02:15 2013
>>
>>
>>    * openfpc-client 0.6 *
>>    Part of the OpenFPC project
>>
>> Logline created from session IDs: ofpc-v1 type:search sip:REMOVED
>> stime:1387371705 etime:1387371735 timestamp:
>> Password for user fpc :
>> DEBUG: Connected to localhost
>> DEBUG: Sent Request
>> Problem processing request: 0
>>
>> I thought maybe it was an SELINUX issue so I have both relabelled the
>> filesystem and then after that not working I have disabled SELINUX but
>> still doesn't work. It is running according to status & also it is making
>> captures on the disk fine.
>>
>> Thanks,
>> Kevin
>>
>>
>> On 17 December 2013 20:32, Leon Ward <lward at ...1935...> wrote:
>>
>>> Trying to send again. I don't think the 1st try made it to the list...
>>>
>>>
>>> On 17 December 2013 12:09, Joel Esler (jesler) <jesler at ...589...> wrote:
>>>
>>>> Forwarded to the developer.
>>>>
>>>
>>> Yeah, that would be me - although I'm fighting to find any time to look
>>> at it right now so it's becoming a little out of date. I've got a long todo
>>> list to work through. Are there any logs you could share to help work
>>> out what could be broken?
>>>
>>> I suggest you start up the openfpc daemon interactively with --debug and
>>> make the request again.
>>>
>>> -L
>>>
>>>
>>>>
>>>> On Dec 17, 2013, at 11:25 AM, Kevin Ross <kevross33 at ...14012...>
>>>> wrote:
>>>>
>>>> > Hi,
>>>> >
>>>> > Running openfpc. Was working fine for months and months and now this
>>>> > when I try and get a PCAP (nothing changed aside from maybe updates):
>>>> > unable to proxy-merge
>>>> >
>>>> > Has anyone run into this (I am asking on this userlist as it was a
>>>> > sourcefire employee made tool :)
>>>> >
>>>> > Thanks,
>>>> > Kevin
>>>> >
>>>> ------------------------------------------------------------------------------
>>>> > Rapidly troubleshoot problems before they affect your business. Most
>>>> IT
>>>> > organizations don't have a clear picture of how application
>>>> performance
>>>> > affects their revenue. With AppDynamics, you get 100% visibility into
>>>> your
>>>> > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of
>>>> AppDynamics Pro!
>>>> >
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________
>>>> > Snort-users mailing list
>>>> > Snort-users at lists.sourceforge.net
>>>> > Go to this URL to change user options or unsubscribe:
>>>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> > Snort-users list archive:
>>>> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>> >
>>>> > Please visit http://blog.snort.org to stay current on all the latest
>>>> Snort news!
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
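
The check suggested in the thread (confirming that the buffered pcaps really hold packets for the requested stime/etime window) can also be scripted without tcpdump. This is an added example, not part of the original thread or of OpenFPC; the function names and the sample addresses are constructed, and only the stime/etime values come from the client output quoted above.

```python
import socket
import struct

def packets_in_window(pcap, stime, etime, ip=None):
    """Count packets in classic-pcap bytes with stime <= timestamp <= etime and,
    if ip is given, an IPv4 source or destination equal to ip."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # usec / nsec, little-endian
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # usec / nsec, big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if ip is not None and linktype != 1:
        raise ValueError("IP matching here only handles Ethernet (linktype 1)")
    want = socket.inet_aton(ip) if ip else None
    count, off = 0, 24                       # records start after the 24-byte file header
    while off + 16 <= len(pcap):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if not stime <= ts_sec <= etime:
            continue
        if want is not None:
            # Untagged Ethernet + IPv4 only: src at bytes 26-29, dst at 30-33.
            is_ipv4 = len(frame) >= 34 and frame[12:14] == b"\x08\x00"
            if not is_ipv4 or want not in (frame[26:30], frame[30:34]):
                continue
        count += 1
    return count

def _frame(src, dst):
    """Constructed 34-byte frame: zeroed MACs, IPv4 ethertype, minimal IPv4 header."""
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ipv4

def sample_pcap():
    """Constructed capture: one packet before the window, two inside it."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst in [(1387371700, "192.0.2.10", "198.51.100.7"),
                         (1387371710, "192.0.2.10", "198.51.100.7"),
                         (1387371720, "203.0.113.5", "198.51.100.7")]:
        f = _frame(src, dst)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out
```

A count of zero for the window the client printed points at the capture buffer or the clocks rather than at the extraction request itself.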