> I recently decided to try out LaBrea - and I'm not sure if it is working.
> According to it - the filter is receiving packets - but nothing is making it
> into syslog. I decided to try -v (verbose logging) still to no avail. If I
> kill the LaBrea process then it logs some info to syslog:
>
> Dec 7 18:56:04 Router /usr/sbin/LaBrea: 14 packets received by filter
> Dec 7 18:56:04 Router /usr/sbin/LaBrea: 0 packets dropped by kernel
> Dec 7 18:56:04 Router /usr/sbin/LaBrea: Exiting...
>
> If anyone else is running LaBrea please let me know if the logging works for
> you - I suppose it's possible that I have disabled something in syslog.conf,
> but I don't think so... here is what is getting directed to syslog:
>
> *.*;auth,authpriv.none -/var/log/syslog
>
> Any help/suggestions would be appreciated...

A couple of issues...first, the packets LaBrea responds to MUST be blocked by a DENY firewall rule (if you're using the BPF filter rules) or non-existent.

LaBrea can only capture IPs if the interface is in promiscuous mode...I had some problems with the interface dropping out of promiscuous mode, and hacked an ifconfig command to work around this...you might check your logs and see if your interface is still in promiscuous mode when LaBrea is supposed to be running.

More details would go a long way towards helping to diagnose your problems...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
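
One way to do the log check suggested in the reply above, as an added example that is not part of the original thread. It assumes a Linux kernel that logs "device IFACE entered/left promiscuous mode" and exposes `/sys/class/net/IFACE/flags`; the interface name `eth0` and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: work out whether an interface is still promiscuous,
# first from kernel log lines, then from the live interface flags.

# Constructed sample log (assumption: kernel messages use this wording).
SAMPLE_LOG='Dec  7 18:40:01 Router kernel: device eth0 entered promiscuous mode
Dec  7 18:47:12 Router kernel: device eth0 left promiscuous mode
Dec  7 18:56:04 Router /usr/sbin/LaBrea: 14 packets received by filter'

# promisc_state_from_log IFACE   (log text on stdin)
# Prints "on", "off" or "unknown" according to the last enter/leave message.
promisc_state_from_log() {
    awk -v ifc="$1" '
        index($0, "device " ifc " entered promiscuous mode") { s = "on" }
        index($0, "device " ifc " left promiscuous mode")    { s = "off" }
        END { print (s == "" ? "unknown" : s) }
    '
}

# flags_promisc HEXFLAGS
# Succeeds if the IFF_PROMISC bit (0x100) is set in the flags value.
flags_promisc() {
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# live_promisc_state IFACE
# Reads the current flags from sysfs; "unknown" if the file is not readable.
live_promisc_state() {
    f="/sys/class/net/$1/flags"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    if flags_promisc "$(cat "$f")"; then echo "on"; else echo "off"; fi
}

# The log shows the interface left promiscuous mode before the capture
# statistics were written, which matches the symptom described in the reply.
echo "log says eth0:  $(printf '%s\n' "$SAMPLE_LOG" | promisc_state_from_log eth0)"
echo "live flag eth0: $(live_promisc_state eth0)"
```

To check a real system, feed the actual log file to `promisc_state_from_log` on stdin and pass the interface the capture runs on.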
