[Nfsen-discuss] nsfsen-botnet/nfsen-events stopped working

Roberto Navarro - TusProfesionales.es Fri, 18 Mar 2011 05:18:46 -0700

Everything seem ok if you look the logs:

Mar 18 12:45:00 nfc nfcapd[2689]: Ident: 'upstream1' Flows: 1674147, 
Packets: 26495312, Bytes: 18906498650, Sequence Errors: 0, Bad Packets: 0
Mar 18 12:45:00 nfc nfcapd[2689]: Total ignored packets: 0
Mar 18 12:45:00 nfc nfcapd[2690]: Run expire on 
'/var/netflow/data/live/upstream1'
Mar 18 12:45:00 nfc nfcapd[2690]: Limits: Filesize 96636764160 = 90.0 GB, 
Lifetime <none>, Watermark: 90%
Mar 18 12:45:00 nfc nfcapd[2690]: Current size: 88883515392 = 82.8 GB, 
Current lifetime: 1032900 = 1.7 weeks, Number of files: 3444
Mar 18 12:45:00 nfc nfcapd[2690]: expire completed - nothing to expire.
Mar 18 12:45:15 nfc nfsen[2692]: 53 channels/alerts to profile
Mar 18 12:45:18 nfc nfsen[2692]: Update profile DNS in group .
Mar 18 12:45:19 nfc nfsen[2692]: Update profile IN_OUT in group .
Mar 18 12:45:19 nfc nfsen[2692]: Update profile Por_Clases in group .
Mar 18 12:45:20 nfc nfsen[2692]: Update profile Protocolos in group .
Mar 18 12:45:20 nfc nfsen[2692]: Update profile live in group .
Mar 18 12:45:20 nfc nfsen[2692]: Update profile DST_AS in group AS
Mar 18 12:45:21 nfc nfsen[2692]: Update profile SRC_AS in group AS
Mar 18 12:45:21 nfc nfsen[2692]: Update profile correo in group Servicios
Mar 18 12:45:22 nfc nfsen[19792]: Plugin Cycle: Time: 201103181240, Profile: 
live, Group: ., Module: Events,
Mar 18 12:45:22 nfc nfsen[19792]: Plugin Cycle: Time: 201103181240, Profile: 
live, Group: ., Module: Events_mail,
Mar 18 12:45:22 nfc nfsen[19792]: Plugin Cycle: Time: 201103181240, Profile: 
live, Group: ., Module: PortTracker,
Mar 18 12:45:25 nfc nfsen[2692]: Process alert 'proftpd_backdoor'
Mar 18 12:45:25 nfc nfsen[2692]: condition 0: evaluated to False
Mar 18 12:45:25 nfc nfsen[2692]: Process alert 'UDP_SOSPICHOSO'
Mar 18 12:45:25 nfc nfsen[2692]: condition 0: evaluated to False
Mar 18 12:45:26 nfc nfsen[2692]: Process alert 'peering'
Mar 18 12:45:26 nfc nfsen[2692]: condition 0: evaluated to False
Mar 18 12:45:27 nfc nfsen[2692]: Process alert 'SMTP'
Mar 18 12:45:27 nfc nfsen[2692]: condition 0: evaluated to False
Mar 18 12:45:27 nfc nfsen[2692]: Process alert 'botnet'
Mar 18 12:45:27 nfc nfsen[2692]: Run expire at Fri Mar 18 12:45:00 2011
Mar 18 12:45:27 nfc nfsen[2692]: End expire at Fri Mar 18 12:45:00 2011


But if I connect to a host which is listed, nothing happens.

Also, the events table is empty.

Last mail we got was past 22/02/2011

Any ideas?

_________________
Reciba un cordial saludo
Roberto Navarro Reyes
Director Técnico - Tusprofesionales, SL 


------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

[Nfsen-discuss] nsfsen-botnet/nfsen-events stopped working

Reply via email to