-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob/All,
Not sure but we may actually have more than one problem here... the problem I was hoping to fix (not that I've had a few days to jog my memory) deals with the fact that I believe pcap files "end up" with correct (readable by apache) ownership when the hflow-pcap process initially kicks off. After time, however, I believe the files that are a result of the automatic 10MB tcpdump roll-over process seem to be generated with root ownership and prevent apache from reading them. Since the Database insertion process is run as root (I think?) it has no problems with this. However if you attempt to do packet decodes within Walleye they fail on certain (owned by root) pcaps. This is what I was trying to (temporarily) fix with: chown -R apache /var/log/pcap/* Please let me know if anyone else is seeing this. We need to figure this stuff out. Earl On Tue, 16 Oct 2007 08:06:38 -0400 Rob McMillen <[EMAIL PROTECTED]> wrote: >List, > I am trying to fix the issue with the lack of data showing up >on >the UI after 24 hours. Can some of the folks having this issue >tell >me a little about their setup and the type of activity they see on >their honeypots? The OS of the honeypots etc? Would help me >recreate >this issue. > On another note, I have noticed that the IDS alerts are not >showing up on the UI. Other folks seeing this? > >Thanks in advance, > >Rob >_______________________________________________ >Honeywall mailing list >[email protected] >https://public.honeynet.org/mailman/listinfo/honeywall -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wkYEARECAAYFAkcUlhEACgkQk7+e+4lPSm3z5ACeK3Q45vA51tx0hi+B//pCXEDnt58A n1zfQji2NakiyIfldKG41cwOn8Ly =su/B -----END PGP SIGNATURE----- _______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
