Hi Mohamed, To be honest I can't remember where the file would be built. You'll need to go through the build logs for the Captureclient and try to see where there are errors. That should hopefully point to where the issue is. It's been a over a year and a half now since I made my last Captureclient build, so apologies that I can't provide more information. From my distant memory I seem to remember that the dependent packages had to be added to the system PATH environment variable in order to be available for the build script.... maybe thats an answer?
Anyway, good luck. Terry Terry MacDonald On 6 November 2012 17:18, Mohamed Hamed Al Rashdi < mohamed.alras...@ita.gov.om> wrote: > Dear Terry ,**** > > ** ** > > Other files were created, however the Captureclient.exe was not built. > What do you think has brought this issue? And where should be that exe file > placed? (at what path).**** > > ** ** > > Cheers,**** > > ** ** > > *From:* capture-hpc-boun...@public.honeynet.org [mailto: > capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Terry MacDonald > *Sent:* Monday, November 05, 2012 11:40 PM > > *To:* General discussion list for Capture-HPC users > *Subject:* Re: [Capture-HPC] Capture-HPC VMWare error**** > > ** ** > > Hi Mohamed,**** > > ** ** > > That means that the NSIS installer can't find the CaptureClient.exce file > that was built. Are you sure that the Windows build script is building > CaptureClient.exe? Are there error messages earlier in the output? Maybe > try searching for the file CaptureClient.exe on your build PC to make sure > that it has been created as part of the build process,....**** > > ** ** > > Cheers**** > > ** ** > > Terry**** > > > Terry MacDonald > > > **** > > On 5 November 2012 22:20, Mohamed Hamed Al Rashdi < > mohamed.alras...@ita.gov.om> wrote:**** > > Dear Terry,**** > > **** > > Thanks it helped a lot , however I had this other error .**** > > **** > > Processing script file: "CaptureClient-Setup.nsi" > Name: "Capture Client" > OutFile: "CaptureClient-Setup.exe" > InstallDir: "$PROGRAMFILES\Capture" > PageEx: license > LicenseText: "GNU GENERAL PUBLIC LICENSE, v2" "" > LicenseData: "COPYING" > PageExEnd > Page: instfiles > UninstPage: instfiles > Section: "" > SetOutPath: "$INSTDIR" > File: "7za.exe" [compress] 234900/476672 bytes > File: "CaptureClient.exe" -> no files found. > Usage: File [/nonfatal] [/a] ([/r] [/x filespec [...]] filespec [...] | > /oname=outfile one_file_only) > Error in script "CaptureClient-Setup.nsi" on line 39 -- aborting creation > proces > s**** > > > The system cannot find the file specified.**** > > **** > > *From:* capture-hpc-boun...@public.honeynet.org [mailto: > capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Terry MacDonald > *Sent:* Sunday, October 28, 2012 12:44 PM**** > > > *To:* General discussion list for Capture-HPC users > *Subject:* Re: [Capture-HPC] Capture-HPC VMWare error**** > > **** > > Hi Mohamed,**** > > **** > > makensis sounds like something to do with the NSIS installer. Its the > packager that is used to create the CaptureClient.exe. You may need to > ensure that the makensis.exe folder is in your PATH environment variable. > Sounds like the installation script can't find it.**** > > **** > > Hope that helps.**** > > > Terry MacDonald > > **** > > On 24 October 2012 21:37, Mohamed Hamed Al Rashdi < > mohamed.alras...@ita.gov.om> wrote:**** > > Dear Terry,**** > > **** > > I have been trying to compile the HPC client after going through your > guide, however I get a few errors, I know your guide says those error might > occur however should not effect the compling process. However we could not > locate the file CaptureClient-Setup.exe after compiling as your notes say > that after compiling that file should be found.**** > > **** > > At the end of the compiling process as error says “makensis.exe is not > recognized as internal or external command, the system cannot find the file > specified.**** > > **** > > I’m wondering why CaptureClient-Setup.exe is not created after compiling!* > *** > > **** > > Thanks.**** > > **** > > *From:* capture-hpc-boun...@public.honeynet.org [mailto: > capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Terry MacDonald > *Sent:* Friday, September 07, 2012 12:46 AM**** > > > *To:* General discussion list for Capture-HPC users > *Subject:* Re: [Capture-HPC] Capture-HPC VMWare error**** > > **** > > Hi Mohamed,**** > > **** > > Not sure what that error is I'm afraid. Its probably something to do with > the fact that the server is trying to do the revert, and the VIX library > doesn't accept the input. You'll need to check if the VIX library licensing > has changed in the verseion you run. I had to do some research last time to > find out that there was a restricted API available on unlicensed VIX > libraries. Thats when I made my work around script revert.sh (in the docs). > That was written for VMWare ESXi (Free version). It probably won;t work for > VMware Server 2.0 but you could try. And maybe you can modify it to work > with the commands available on VMware server 2.0?**** > > **** > > Failing that, you should probably look at the Capture-HPC NG. They made it > work with VirtualBox, which I understand doesn't have any licensing > restrictions. **** > > > Terry MacDonald**** > > On 5 September 2012 22:50, Mohamed Hamed Al Rashdi < > mohamed.alras...@ita.gov.om> wrote:**** > > Terry,**** > > **** > > We have reached to a good point now, whilst we run the capture-hpc all > works fine, however it gets to a point that says reverting – waiting for > input URI’s .. then it says VMware error 17. **** > > And sometimes VM stalled**** > > Vix NULL.**** > > **** > > *From:* capture-hpc-boun...@public.honeynet.org [mailto: > capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Mohamed Hamed Al > Rashdi > *Sent:* Tuesday, September 04, 2012 2:44 PM**** > > > *To:* General discussion list for Capture-HPC users > *Subject:* Re: [Capture-HPC] Capture-HPC VMWare error**** > > **** > > Dear Terry,**** > > **** > > I've started all over again following your guide, however ive faced erros > while compiling.**** > > I've attached an image of how the error looks like,**** > > **** > > **** > > **** > ------------------------------ > > *From:* capture-hpc-boun...@public.honeynet.org [ > capture-hpc-boun...@public.honeynet.org] On Behalf Of Terry MacDonald [ > terry.macdon...@gmail.com] > *Sent:* Tuesday, August 28, 2012 3:35 PM > *To:* General discussion list for Capture-HPC users > *Subject:* Re: [Capture-HPC] Capture-HPC VMWare error**** > > Hi Mohamed, **** > > **** > > I would recommend reading section 5 of the > How_to_compile_Capture-HPC_v1.2.doc if you are running Capture Server for > linux. That specific command is part of a replacement shell script that I > wrote for the revert binary that uses plink ssh client to connect from the > CaptureHPC server to the VMware server running the CaptureHPC clients, and > restarts them. Thats in section 5.10.3. But I would recommend running > through the complete section 5 as the commands were all written to work as > a whole. **** > > **** > > Also, if you;ve found some better ways to get around some of the issues > I'd love to hear about them.**** > > **** > > Cheers**** > > > Terry MacDonald**** > > On 28 August 2012 21:56, Mohamed Hamed Al Rashdi < > mohamed.alras...@ita.gov.om> wrote:**** > > Dear Terry,**** > > **** > > Thanks for your reply, however can you illustrate how to use a vin-cmd > command executed over ssh ?**** > > **** > > Thanks.**** > > **** > > *From:* capture-hpc-boun...@public.honeynet.org [mailto: > capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Terry MacDonald > *Sent:* Tuesday, August 28, 2012 12:52 PM > *To:* General discussion list for Capture-HPC users > *Subject:* Re: [Capture-HPC] Capture-HPC VMWare error**** > > **** > > Hi Mohamed,**** > > **** > > You might be hitting a problem I remember having. VMWare changed the > licensing on their VIX libraries on later versions to limit the number of > API's you could use without a valid license. And that stopped the built-in > linux revert script from working. So I found a different way. It seemed > that you could use a vin-cmd command executed over ssh to get it to work.* > *** > > **** > > Its probably time to resend out the documentation I wrote early last year > as you might find it handy. The docs cover how to compile CaptureHPC v1.2, > and how to configure CaptureHPC v1.3. (I didnt get round to writing the how > to compile CaptureHPC v1.3 doc). But hopefully you find it useful. If you > have any corrections you find, it would be good if you could post the > workarounds here for everyone to use.**** > > **** > > Hope that helps**** > > > Terry MacDonald**** > > On 28 August 2012 20:31, Mohamed Hamed Al Rashdi < > mohamed.alras...@ita.gov.om> wrote:**** > > Dear experts,**** > > **** > > I have been trying to implement the capture-HPC for a month now, and I’ve > had trouble initiating it. Been troubleshooting ever since 4 weeks.**** > > **** > > Here’s the latest result,**** > > **** > > Option added: server-listen-port => 7070 > Option added: server-listen-address => 10.30.10.234 > Option added: input_urls => input_urls_example.txt > CaptureServer: Listening for connections > Validating config.xml ... > config.xml successfully validated > Option added: capture-network-packets-benign => false > Option added: capture-network-packets-malicious => false > Option added: client-default => iexplorebulk > Option added: client-default-visit-time => 20 > Option added: client_inactivity_timeout => 60 > Option added: collect-modified-files => false > Option added: different_vm_revert_delay => 24 > Option added: group_size => 20 > Option added: revert_timeout => 120 > Option added: same_vm_revert_delay => 6 > Option added: send-exclusion-lists => false > Option added: terminate => true > Option added: vm_stalled_after_revert_timeout => 120 > Option added: vm_stalled_during_operation_timeout => 300 > ExclusionList: file - FileMonitor.exl: File not found > ExclusionList: process - ProcessMonitor.exl: File not found > ExclusionList: registry - RegistryMonitor.exl: File not found > [10.30.10.234:7070] VM added > [Aug 28, 2012 12:27:33 PM-10.30.10.234:7070-9616314] VMSetState: > WAITING_TO_BE_REVERTED > PARSING PREPROCESSOR > n is null > PARSING POSTPROCESSOR > n is null > Got 0 in URL queue. > Waiting for input URLs... > [Aug 28, 2012 12:27:35 PM-10.30.10.234:7070-9616314] VMSetState: REVERTING > [Aug 28, 2012 12:27:36 PM 10.30.10.234:7070-9616314] VMware error 2 > [Aug 28, 2012 12:27:36 PM-10.30.10.234:7070-9616314] VMSetState: ERROR > Reverting different VM...waiting considerably > [Aug 28, 2012 12:28:00 PM-10.30.10.234:7070-9616314] Finished processing > VM item: revert > Waiting for input URLs...**** > > **** > > I’ve been trying to figure out the “VMware error2” problem, however I was > unable to locate anything useful.**** > > **** > > Any help?**** > > **** > > Thanks.**** > > **** > > Regards**** > > > Mohamed Hamed Al-Rashdi > Digital Forensics Specialist > Oman National CERT | **** > > www.cert.gov.om <https://webmail.ita.gov.om/owa/UrlBlockedError.aspx> **** > > Information Technology Authority > Sultanate Of Oman**** > > | +968 24166743 | P.O.Box: 1807**** > > | +968 24166818 | P.C: 130 | Azaibah**** > > mohamed.alras...@ita.gov.om | www.ita.gov.om**** > > **** > > **** > > **** > ------------------------------ > > > The information contained in this message and any file and/or attachment > transmitted herewith is confidential and may be legally privileged. It is > intended solely for the use of the addressee and must not be disclosed to > or used by anyone other than the addressee. If you receive this > transmission by error, please notify the sender immediately by reply e-mail > and destroy the original transmission and its attachments. If you are not > the intended recipient, please be advised that viewing, copying, > forwarding, printing and disseminating any information related to this mail > is prohibited and you should not take any action based on the content of > this mail and/or the attachments.**** > > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc**** > > **** > > **** > ------------------------------ > > > The information contained in this message and any file and/or attachment > transmitted herewith is confidential and may be legally privileged. It is > intended solely for the use of the addressee and must not be disclosed to > or used by anyone other than the addressee. If you receive this > transmission by error, please notify the sender immediately by reply e-mail > and destroy the original transmission and its attachments. If you are not > the intended recipient, please be advised that viewing, copying, > forwarding, printing and disseminating any information related to this mail > is prohibited and you should not take any action based on the content of > this mail and/or the attachments.**** > > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc**** > > **** > > **** > ------------------------------ > > > The information contained in this message and any file and/or attachment > transmitted herewith is confidential and may be legally privileged. It is > intended solely for the use of the addressee and must not be disclosed to > or used by anyone other than the addressee. If you receive this > transmission by error, please notify the sender immediately by reply e-mail > and destroy the original transmission and its attachments. If you are not > the intended recipient, please be advised that viewing, copying, > forwarding, printing and disseminating any information related to this mail > is prohibited and you should not take any action based on the content of > this mail and/or the attachments.**** > > **** > ------------------------------ > > > The information contained in this message and any file and/or attachment > transmitted herewith is confidential and may be legally privileged. It is > intended solely for the use of the addressee and must not be disclosed to > or used by anyone other than the addressee. If you receive this > transmission by error, please notify the sender immediately by reply e-mail > and destroy the original transmission and its attachments. If you are not > the intended recipient, please be advised that viewing, copying, > forwarding, printing and disseminating any information related to this mail > is prohibited and you should not take any action based on the content of > this mail and/or the attachments.**** > > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc**** > > **** > > **** > ------------------------------ > > > The information contained in this message and any file and/or attachment > transmitted herewith is confidential and may be legally privileged. It is > intended solely for the use of the addressee and must not be disclosed to > or used by anyone other than the addressee. If you receive this > transmission by error, please notify the sender immediately by reply e-mail > and destroy the original transmission and its attachments. If you are not > the intended recipient, please be advised that viewing, copying, > forwarding, printing and disseminating any information related to this mail > is prohibited and you should not take any action based on the content of > this mail and/or the attachments.**** > > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc**** > > **** > > ** ** > ------------------------------ > > > The information contained in this message and any file and/or attachment > transmitted herewith is confidential and may be legally privileged. It is > intended solely for the use of the addressee and must not be disclosed to > or used by anyone other than the addressee. If you receive this > transmission by error, please notify the sender immediately by reply e-mail > and destroy the original transmission and its attachments. If you are not > the intended recipient, please be advised that viewing, copying, > forwarding, printing and disseminating any information related to this mail > is prohibited and you should not take any action based on the content of > this mail and/or the attachments.**** > > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc**** > > ** ** > > ------------------------------ > > The information contained in this message and any file and/or attachment > transmitted herewith is confidential and may be legally privileged. It is > intended solely for the use of the addressee and must not be disclosed to > or used by anyone other than the addressee. If you receive this > transmission by error, please notify the sender immediately by reply e-mail > and destroy the original transmission and its attachments. If you are not > the intended recipient, please be advised that viewing, copying, > forwarding, printing and disseminating any information related to this mail > is prohibited and you should not take any action based on the content of > this mail and/or the attachments. > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > >
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
