Hi Rob. Thanks for your quick answer. I decided to downgrade to roo 1.3... after some time it started to work (some prob with walleye and very long password's first change i think). I still have the roo 1.4 in another hdd, so, as soon as i have to reboot i will try your solution.
Its have been a hard way since i started to test the roo 1.4, because i have to change from one AMD to a Pentium due compatibilities isuues, then hflow2... but I know "no pain, no gain" Rafa On Tue, Nov 11, 2008 at 9:16 AM, Rob McMillen <[EMAIL PROTECTED]> wrote: > Let's try something real quick... because that snort you see on ps > looks like it was not launched by hflow to me.... but I am doing this > from memory. Kill the current snort process you see running. Then > use the hflow startup script to start hflow (do not start snort, hflow > should do this for you). > > Rob > > On Mon, Nov 10, 2008 at 11:11 PM, Net_Runner <[EMAIL PROTECTED]> wrote: >> Hi all! >> >> After update hflow trough "yum update", but still persist the same problem >> >> " >> [EMAIL PROTECTED] ~]# service hflow restart >> Stopping hflow: [FAILED] >> Starting hflowHflow: premature failure. Initialization aborted? >> Parent sighandler, something Received, exiting! >> [FAILED] " >> >> I'd read almost every post related and i cant fix the problem. >> >> The Honey seems to be working >> dmesg results >> " >> INBOUND TCP: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=190.82.151.x >> DST=190.161.86.x LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=40421 DF >> PROTO=TCP SPT=3492 DPT=21378 WINDOW=65535 RES=0x00 SYN URGP=0 >> INBOUND TCP: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=190.82.151.x >> DST=190.161.86.x LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=40423 DF >> PROTO=TCP SPT=3492 DPT=21378 WINDOW=65535 RES=0x00 SYN URGP=0 >> " >> >> snort is running, hflow isnt >> >> [EMAIL PROTECTED] ~]# ps ax | grep snort >> 6939 ? Ss 2:10 /usr/sbin/snort -A fast -b -d -D -i eth0 -u >> snort -g snort -c /etc/snort/snort.conf -l /var/log/snort >> >> " >> >> >> >> >> >> at last this is the log generated by hflow >> >> "[EMAIL PROTECTED] ~]# cat /var/log/hflow/hflowd.log >> start of snort block_init >> snort_block:fifo exists attempting to delete >> snort_block: successful deletion >> snort_block: success creating pipe >> Snort block: fork section done! >> pcap out:initializing comm structs >> pcap_out block: new thread 3076021136 >> open fifo done!------------------- >> Snort block: failed to detect correct initialization of snort, >> aborting: File exists >> " >> >> Any help wil be apreciated. >> _______________________________________________ >> Honeywall mailing list >> [email protected] >> https://public.honeynet.org/mailman/listinfo/honeywall >> > _______________________________________________ > Honeywall mailing list > [email protected] > https://public.honeynet.org/mailman/listinfo/honeywall > _______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
