[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Hi Pete Just upgraded from 2.9 to 3.0 1- Please check if all is OK from your side 2- I curently upgrade my rules on emails alerts. My understanding is that the server can dectect new rules and launch a batch file. Please confirm and give link to detailed instructions. Can i use the same batch file I am using now ? TIA Serge Dergham
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Hi In our case (satellite connexion) we have a lot of cases where snf2check fail, So our current batch keep retrying download every 10 minutes until snf2check succeed (that is done by creating a file error.txt) If I use getRulebase.cmd, what happens if snf2check fail ? or if wget does not complete ? or other problems ? ... My current wget is optimized as follow wget -N http://www.sortmonster.net/Sniffer/Updates/zydt3crn.snf --tries=10 --wait=5 --random-wait -o %DD%result.txt --header=Accept-Encoding:gzip --http-user=sniffer --http-passwd= - Original Message - From: Pete McNeil To: Message Sniffer Community Sent: Sunday, July 06, 2008 6:22 PM Subject: [sniffer] Re: It's official. SNF Version 3.0 is Ready! Hello Serge, Sunday, July 6, 2008, 1:46:00 PM, you wrote: Hi Pete Just upgraded from 2.9 to 3.0 1- Please check if all is OK from your side Looks ok from here. Good telemetry showing version 3. High capture rates: 2- I curently upgrade my rules on emails alerts. My understanding is that the server can dectect new rules and launch a batch file. Please confirm and give link to detailed instructions. Can i use the same batch file I am using now ? In theory you could use the same batch file, however it is probably better to use/adapt the getRulebase.cmd script. At present your rulebase is not out of date: update ready=no utc=20080706172248/ You can find some detailed instructions about setting up getRulebase.cmd here starting with step 6. The process is largely the same for all Win* platforms: http://www.armresearch.com/support/articles/installation/decludeImail.jsp Best, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. -- # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] SETLOCAL SET DDdrv=E: SET DDdir=\sniffer\scripts\ SET DD=%DDdrv%%DDdir% rem Set the full path to your IMail directory. SET IMailDir=E:\imail rem Set the full path to you Sniffer directory. set snifferdir=E:\sniffer\ set sniffersrv=E:\snfsrv\rulebase\ rem Set the e-mail address you would like script results sent to. SET [EMAIL PROTECTED] rem Set e-mail from domain for your script results. SET FromDom=Cefib.net :CheckDirectories if not exist %DD% goto end %DDdrv% cd %DD% echo %date% %DD%mail.txt echo %time% %DD%mail.txt echo ** %DD%mail.txt echo param %1 %DD%mail.txt echo ** %DD%mail.txt if exist %DD%error.txt goto errorexist echo - %DD%mail.txt echo %DD%error.txt not found %DD%mail.txt echo Proceeding with .gz test %DD%mail.txt echo - %DD%mail.txt goto testgz :errorexist echo - %DD%mail.txt echo found %DD%error.txt %DD%mail.txt echo Previous download failed, deleting all files %DD%mail.txt del %DD%error.txt %DD%mail.txt if exist %DD%zydt3crn.snf.gz del %DD%zydt3crn.snf.gz %DD%mail.txt if exist %DD%zydt3crn.snf del %DD%zydt3crn.snf %DD%mail.txt echo %DD%error.txt deleted %DD%mail.txt echo Proceeding with download %DD%mail.txt echo - %DD%mail.txt goto download :testgz if exist %DD%zydt3crn.snf.gz goto gzexist echo - %DD%mail.txt echo %DD%zydt3crn.snf.gz not found %DD%mail.txt echo Proceeding with file download %DD%mail.txt echo - %DD%mail.txt goto download :gzexist echo - %DD%mail.txt echo found %DD%zydt3crn.snf.gz %DD%mail.txt del %DD%zydt3crn.snf.gz %DD%mail.txt echo %DD%zydt3crn.snf.gz deleted %DD%mail.txt echo Proceeding with file download %DD%mail.txt echo - %DD%mail.txt goto download :download %DD%wget -N http://www.sortmonster.net/Sniffer/Updates/zydt3crn.snf --tries=10 --wait=5 --random-wait -o %DD%result.txt --header=Accept-Encoding:gzip --http-user=sniffer --http-passwd= if errorlevel 1 goto wgeterr1 if not exist zydt3crn.snf goto nosnf fgrep Server file no newer than local file %DD%result.txt if not errorlevel 1 goto nonewff :step2 fgrep `zydt3crn.snf' saved %DD%result.txt if not errorlevel 1 goto newff echo cas wget non prevu %DD%mail.txt goto END :newff echo %time% %DD%mail.txt echo Renaming and testing %DD%mail.txt rename zydt3crn.snf zydt3crn.snf.gz gzip -d -f -t zydt3crn.snf.gz if errorlevel 0 goto gziperr0 if errorlevel 1 goto gziperr1 GOTO END :gziperr0 Echo gzip OK errorlevel 0 %DD%mail.txt gzip -d -f zydt3crn.snf.gz GOTO New GOTO END :gziperr1 Echo gzip errorlevel 1 %DD%mail.txt Echo gzip .gz file did not test OK %DD%mail.txt GOTO END :New ECHO New Rule File Found ECHO New Rule File Found
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Hi Pete, You are correct I meant the rulebase update. I did use the getRulebase.cmd and it seemed to be working, it downloads the file. I did make one mistake, I meant gzip said it was an invalid gz file. I didn't even get to the snf2chk command. Thanks, Daniel -- Daniel Bayerdorffer, VP [EMAIL PROTECTED] Numberall Stamp Tool Co., Inc. www.numberall.com PO Box 187, Sangerville, ME 04479 USA TEL: 207-876-3541 FAX: 207-876-3566 -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, June 26, 2008 9:39 PM To: Message Sniffer Community Subject: [sniffer] Re: It's official. SNF Version 3.0 is Ready! Hello Daniel, Thursday, June 26, 2008, 8:58:36 PM, you wrote: Hi Pete, I've installed the Mdaemon Plugin version. I can't download a valid update. snf2chk keeps saying it's an invalid gzip. Do you have any suggestions on what I can try to track down the problem? I'm a little bit confused. I'm going to guess that you're talking about a rulebase update. getRulebase.cmd script should be able to do everything that's needed. What I think you've said is that you downloaded the file -- accepted a gzip, and then tried to check it with snf2check. You would first have to unzip the file and then check the unzipped file with snf2check. Hope that makes sense. Please straighten me out if it doesn't. Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] smime.p7s Description: S/MIME cryptographic signature
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Hello Daniel, Friday, June 27, 2008, 10:00:57 AM, you wrote: Hi Pete, I just installed Mdaemon Plugin version. It seems to be working properly, but I can't download updates. When I do, snf2chk says it is not a valid gz file. Do you have any suggestions on what I can try to fix it? I responded to this last night on list. I'm guessing you didn't get that response so I'm responding to this new one directly (off list). _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Pete are there new log files as I do not see them in my working sniffer dir...? I'm using the integrated model with eWall. Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Hello Steve, Friday, June 27, 2008, 3:25:06 PM, you wrote: Pete are there new log files as I do not see them in my working sniffer dir...? I'm using the integrated model with eWall. There are two kinds of log files. Classic (like your used to) or the new XML based log files. Check your configuration file -- they may be turned off by default in that configuration. Here's some documentation on configuring SNF log files: http://www.armresearch.com/support/articles/software/snfServer/config/node/logs/index.jsp Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Nevermind.. Got it working and see the new XML logs. On Jun 27, 2008, at 12:25 PM, Steve Guluk wrote: Pete are there new log files as I do not see them in my working sniffer dir...? I'm using the integrated model with eWall. Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Congratulations on shipping, Pete! Andrew 8) p.s. Hey, I love the new mascot. Much cuter than the old SortMonster... -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, June 26, 2008 12:24 PM To: Message Sniffer Community Subject: [sniffer] It's official. SNF Version 3.0 is Ready! Hello Sniffer folks, Back in Q1 we were sure we'd be ready with the new SNF after nearly a year of testing on both large and small systems. What a surprise! After publishing the first release candidate we went from version 1-5 to version 2-27 at a breathtaking pace! Thank you to everyone who has tested, poked, prodded, and twisted the new SNF -- not to mention keeping up with all of those updates during the final phase of testing. I can't imagine getting to this point without your patience, trust, attention to detail, and persistence! Bravo! Without further fanfare: Today the latest release candidate becomes the official production release of Message Sniffer (SNF) Version 3.0. The changes: -- Minor updates to readme files. -- Changed the build / version information and recompiled. -- Removed redundant comments from the configuration file. We have been bug free for more than 2 months with several hundred systems using the new engine. You can download the latest distributions from this page: http://www.armresearch.com/products/index.jsp You may also notice that we've published our new web site! There are a few bits of documentation still under construction here and there, but we're well on our way to filling those in along with a stream of continues improvements and additions based on our work with you! Once again, Thanks to everyone for a fantastic job! Thanks for all of your support, comments, and efforts! As always we're hear to help. Now, onward to the next upgrade... always work to do ;-) Cheers! _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Hello Matt, Thursday, June 26, 2008, 4:21:42 PM, you wrote: Pete, Now that you got that taken care of, can you give us an idea when you expect 4.0 to be released? Hehehe. We're not close enough to that to be remotely accurate, but I will tell you that I'd like it to be within something approaching a year. There are a lot of continuous upgrades to do on the back-end that will unleash and enhance V3's power and provide additional tools and products along the way -- plus plenty of work helping new third party products get off the ground w/ SNF inside... So we'll be plenty busy and we'll keep you posted. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Pete, Glad you got the joke. I'll allow you a a little time to take your mind off of the future :) Thanks, Matt Pete McNeil wrote: Hello Matt, Thursday, June 26, 2008, 4:21:42 PM, you wrote: Pete, Now that you got that taken care of, can you give us an idea when you expect 4.0 to be released? Hehehe. We're not close enough to that to be remotely accurate, but I will tell you that I'd like it to be within something approaching a year. There are a lot of continuous upgrades to do on the back-end that will unleash and enhance V3's power and provide additional tools and products along the way -- plus plenty of work helping new third party products get off the ground w/ SNF inside... So we'll be plenty busy and we'll keep you posted. _M
[sniffer] Re: It's official. SNF Version 3.0 is Ready!
Good work Pete! We've been using the previous beta build on a few systems (windows) and it has worked flawlessly. I look forward to using version 3 -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, June 27, 2008 3:24 AM To: Message Sniffer Community Subject: [sniffer] It's official. SNF Version 3.0 is Ready! Hello Sniffer folks, Back in Q1 we were sure we'd be ready with the new SNF after nearly a year of testing on both large and small systems. What a surprise! After publishing the first release candidate we went from version 1-5 to version 2-27 at a breathtaking pace! Thank you to everyone who has tested, poked, prodded, and twisted the new SNF -- not to mention keeping up with all of those updates during the final phase of testing. I can't imagine getting to this point without your patience, trust, attention to detail, and persistence! Bravo! Without further fanfare: Today the latest release candidate becomes the official production release of Message Sniffer (SNF) Version 3.0. The changes: -- Minor updates to readme files. -- Changed the build / version information and recompiled. -- Removed redundant comments from the configuration file. We have been bug free for more than 2 months with several hundred systems using the new engine. You can download the latest distributions from this page: http://www.armresearch.com/products/index.jsp You may also notice that we've published our new web site! There are a few bits of documentation still under construction here and there, but we're well on our way to filling those in along with a stream of continues improvements and additions based on our work with you! Once again, Thanks to everyone for a fantastic job! Thanks for all of your support, comments, and efforts! As always we're hear to help. Now, onward to the next upgrade... always work to do ;-) Cheers! _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
