Hello to all, Here is the output. Regards, Nelson.

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Wed, 30 Jan 2008 09:56:35 -0600
Subject: [Honeywall] Would like to bring this ticket to the public list...

List,
    I would like to bring this ticket to the list because communications via 
the ticket system seem a bit slow and we may get further discussing it on the 
list.

   The subject is: Walleye - no traffic alerts, just one sawtooth in orange

   And the url is: https://projects.honeynet.org/honeywall/ticket/3

   The basic problem: 'We have a problem with alerts in the honeywall (we don't 
see any alert or anomalous traffic). I reviewed all the information about this 
issue in the Honeywall mailing list, and all the advice is to migrate to the new 
version. But I have already done that (I'm working with the last release 1.3) 
and nothing happened.'

   We need to figure out if the system is capturing the data and walleye is 
just not displaying it.  That is the primary reason I asked to check that 
traffic can flow through the bridge.  

   So let's do a few things.  On the host, please paste the results of ls -al 
/dev/vmnet* and tell me the user vmware server is using.
   On the honeywall, go to the /var/log/snort directory.  In here, you should 
see a bunch of directories (one for each day).  These directories should hold 
the snort_fast and snort_full alert files.  See if they contain anything.  The 
other files you see, snort_unified.<epoch>, hold the unified output that hflow 
reads and feeds to the db.

Rob  



<<attachment: honeywall1.png>>

<<attachment: honeywall2.png>>

<<attachment: honeywall3.png>>

[EMAIL PROTECTED] root]# cd /dev/
[EMAIL PROTECTED] dev]# ls -al vmnet*
crw-------    1 root     root     119,   0 Nov 22 18:34 vmnet0
crw-------    1 root     root     119,   1 Nov 22 18:36 vmnet1
crw-------    1 root     root     119,   2 Nov 22 18:37 vmnet2
crw-------    1 root     root     119,   3 Nov 22 18:34 vmnet3
crw-------    1 root     root     119,   4 Nov 22 18:34 vmnet4
crw-------    1 root     root     119,   5 Nov 22 18:34 vmnet5
crw-------    1 root     root     119,   6 Nov 22 18:34 vmnet6
crw-------    1 root     root     119,   7 Nov 22 18:34 vmnet7
crw-------    1 root     root     119,   8 Nov 22 18:34 vmnet8
crw-------    1 root     root     119,   9 Nov 22 18:34 vmnet9
[EMAIL PROTECTED] dev]#

_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
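
The /var/log/snort check requested in the quoted message can be scripted so the result is easy to paste back to the list. This is an added example, not part of the original thread or the Honeywall project's code; the function names, the report format and the verdict labels are assumptions, and only the file names snort_fast, snort_full and snort_unified.<epoch> come from the message.

```shell
#!/bin/sh
# Added example: per-day summary of the Snort log directories.
# Assumed layout: <root>/<day>/{snort_fast,snort_full,snort_unified.<epoch>}

# file_size FILE -> size in bytes, 0 when the file does not exist
file_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# snort_log_report ROOT -> one line per day directory:
#   <day> fast=<bytes> full=<bytes> unified=<number of non-empty files>
snort_log_report() (
    for day in "$1"/*/; do
        [ -d "$day" ] || continue
        unified=0
        for f in "$day"snort_unified.*; do
            if [ -s "$f" ]; then unified=$((unified + 1)); fi
        done
        fast=$(file_size "${day}snort_fast")
        full=$(file_size "${day}snort_full")
        echo "$(basename "$day") fast=$fast full=$full unified=$unified"
    done
)

# snort_log_verdict ROOT -> one of:
#   alerts-on-disk  a snort_fast or snort_full file has content, so Snort
#                   is alerting and the display path is the place to look
#   unified-only    only snort_unified.* files have content
#   no-data         nothing written; check that traffic crosses the bridge
snort_log_verdict() (
    report=$(snort_log_report "$1")
    if echo "$report" | grep -Eq '(fast|full)=[1-9]'; then
        echo "alerts-on-disk"
    elif echo "$report" | grep -Eq 'unified=[1-9]'; then
        echo "unified-only"
    else
        echo "no-data"
    fi
)

# When a log root is given as the first argument, print report and verdict.
if [ -n "${1:-}" ]; then
    snort_log_report "$1"
    snort_log_verdict "$1"
fi
```

Run it on the honeywall with /var/log/snort as the argument.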
