List,
I would like to bring this ticket to the list because
communications via the ticket system seem a bit slow and we may get
further by discussing it on the list.
The subject is: Walleye - no traffic alerts, just one sawtooth in
orange
And the url is: https://projects.honeynet.org/honeywall/ticket/3
The basic problem: "We have a problem with alerts in the honeywall
(we don't see any alert or anomalous traffic). I reviewed all information
about this issue in the Honeywall mailing list, and all the advice is to
migrate to the new version. But I'm already done (I'm working with the
last release 1.3) and nothing happened."
We need to figure out if the system is capturing the data and
walleye is just not displaying it. That is the primary reason I asked
to check that traffic can flow through the bridge.
So let's do a few things. On the host, please paste the results of
ls -al /dev/vmnet* and tell me the user vmware server is using.
On the honeywall, go to the /var/log/snort directory. In here,
you should see a bunch of directories (one for each day). These
directories should hold the snort_fast and snort_full alert files.
See if they contain anything. The other files you see,
snort_unified.<epoch>, hold the unified output that hflow reads and
feeds to the db.
Rob
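The honeywall-side part of that check (the per-day directories under /var/log/snort, the snort_fast and snort_full alert files, and the snort_unified.<epoch> files hflow consumes) can be scripted so the same summary is pasted back rather than described. The script below is an added example written for this thread, not code from the Honeywall project or from Rob. It assumes the layout described in the message above; the make_sample_tree function builds a constructed sample tree so it can be tried on any machine before being run against the real /var/log/snort. The host-side step (ls -al /dev/vmnet*) is not scripted here.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise the snort alert
# directory layout the message describes, to separate "the sensor writes
# nothing" from "walleye displays nothing". Default root is the honeywall's
# /var/log/snort; pass another path to inspect a copy or a test tree.

# check_snort_logs [DIR]
#   Prints one line per day directory with the byte size of snort_fast and
#   snort_full and the number of snort_unified.* files. Returns 0 if any
#   snort_fast/snort_full file is non-empty (snort is producing alerts,
#   so the problem is downstream in hflow/walleye), 1 if every alert file
#   is empty (nothing is being detected or logged), 2 if DIR is missing.
check_snort_logs() {
    root="${1:-/var/log/snort}"
    found=0
    if [ ! -d "$root" ]; then
        echo "no such directory: $root" >&2
        return 2
    fi
    for day in "$root"/*/; do
        [ -d "$day" ] || continue       # unmatched glob: no day directories
        day="${day%/}"
        fast=0
        full=0
        if [ -f "$day/snort_fast" ]; then
            fast=$(( $(wc -c < "$day/snort_fast") ))
        fi
        if [ -f "$day/snort_full" ]; then
            full=$(( $(wc -c < "$day/snort_full") ))
        fi
        unified=$(ls "$day"/snort_unified.* 2>/dev/null | wc -l)
        unified=$(( unified ))          # strip any leading whitespace
        printf '%s fast=%s full=%s unified_files=%s\n' \
            "$(basename "$day")" "$fast" "$full" "$unified"
        if [ "$fast" -gt 0 ] || [ "$full" -gt 0 ]; then
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}

# make_sample_tree BASE
#   Builds a constructed two-day tree: one day with empty alert files (the
#   symptom in the ticket) and one day with a fabricated alert plus a
#   unified file. The alert text is made up for this example.
make_sample_tree() {
    base="${1:?base dir required}"
    mkdir -p "$base/20240101" "$base/20240102"
    : > "$base/20240101/snort_fast"
    : > "$base/20240101/snort_full"
    printf '%s\n' '[**] [1:2000:1] constructed test alert [**]' \
        > "$base/20240102/snort_fast"
    printf '%s\n' '[**] [1:2000:1] constructed test alert [**]' 'details' \
        > "$base/20240102/snort_full"
    : > "$base/20240102/snort_unified.1704153600"
}

# Dry run against a constructed tree when executed directly.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    make_sample_tree "$demo"
    check_snort_logs "$demo" && echo "alerts present" || echo "no alerts"
    rm -rf "$demo"
fi
```

On the honeywall itself, run it as `sh check_snort.sh` (no argument) and paste the output: a run of days with fast=0 full=0 points at the capture or snort side, while non-zero sizes with an empty walleye point at hflow or the database.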
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall