Hi Daniel! Problem solved!
Thanks!

--
Welkson Renny de Medeiros
Focus Automação Comercial
Desenvolvimento / Gerência de Redes
[EMAIL PROTECTED]

Thu, 6 Dec 2007 22:10:30 -0400, "Daniel Cid" <[EMAIL PROTECTED]> wrote:
>
> Hi Welkson,
>
> Can you try upgrading to ossec v1.4. We fixed that a while back...
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On Nov 28, 2007 8:07 AM, Welkson Renny de Medeiros
> <[EMAIL PROTECTED]> wrote:
> >
> > Other messages:
> >
> > snort -i tun0 -A full -c /usr/local/etc/snort/snort.conf
> >
> > [EMAIL PROTECTED]:~] # tail -f /var/log/snort/alert
> >
> > [**] [116:1:1] (snort_decoder) WARNING: Not IPv4 datagram! [**]
> > 11/28-09:01:40.653374
> >
> > [**] [116:2:1] (snort_decoder) WARNING: hlen < IP_HEADER_LEN! [**]
> > 11/28-09:01:44.279795
> >
> > [**] [116:2:1] (snort_decoder) WARNING: hlen < IP_HEADER_LEN! [**]
> > 11/28-09:01:46.710462
> >
> > [EMAIL PROTECTED]:~] # tail -f /var/ossec/logs/ossec.log
> > 2007/11/28 06:53:58 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 07:37:25 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 07:39:48 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 07:41:16 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 07:56:54 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 07:57:14 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 08:00:21 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 08:07:29 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 08:09:15 ossec-logcollector: Bad formated snort full file.
> > 2007/11/28 08:09:57 ossec-logcollector(1904): File not available, ignoring it: '/var/log/snort/alert'.
> >
> > Thanks...
> >
> > --
> > Welkson Renny de Medeiros
> > Focus Automação Comercial
> > Desenvolvimento / Gerência de Redes
> > [EMAIL PROTECTED]
> >
> > ----- Original Message -----
> > From: "Welkson Renny de Medeiros" <[EMAIL PROTECTED]>
> > To: <[email protected]>
> > Sent: Tuesday, November 27, 2007 4:21 PM
> > Subject: [ossec-list] LogCollector: Bad formated snort full file
> >
> > Hi !
> >
> > [EMAIL PROTECTED]:/etc/firewall] # uname -a
> > FreeBSD netserver 6.1-STABLE FreeBSD 6.1-STABLE
> >
> > [EMAIL PROTECTED]:/etc/firewall] # snort -V
> > o" )~ Version 2.7.0.1 (Build 36)
> >
> > [EMAIL PROTECTED]:/var/ossec/bin] # ./ossec-control start
> > Starting OSSEC HIDS v1.2 (by Daniel B. Cid)...
> >
> > Error on ossec.log:
> >
> > [EMAIL PROTECTED]:/var/ossec/bin] # tail -f /var/ossec/logs/ossec.log
> > 2007/11/27 16:02:57 ossec-logcollector(1950): Analyzing file: '/var/log/xferlog'.
> > 2007/11/27 16:02:57 ossec-logcollector(1950): Analyzing file: '/var/log/vsftpd.log'.
> > 2007/11/27 16:02:57 ossec-logcollector(1950): Analyzing file: '/var/log/maillog'.
> > 2007/11/27 16:02:57 ossec-logcollector(1950): Analyzing file: '/var/log/snort/alert'.
> > 2007/11/27 16:02:57 ossec-logcollector: Started (pid: 7840).
> > 2007/11/27 16:05:07 ossec-logcollector: Bad formated snort full file.
> >
> > Last messages on snort alert file:
> >
> > [EMAIL PROTECTED]:/var/ossec/bin] # tail -f /var/log/snort/alert
> > [Classification: Potentially Bad Traffic] [Priority: 2]
> > 11/27-16:20:16.465158 200.165.132.154:53 -> 189.71.104.90:55045
> > UDP TTL:248 TOS:0x0 ID:15868 IpLen:20 DgmLen:80 DF
> > Len: 52
> >
> > [**] [122:7:0] (portscan) TCP Filtered Portsweep [**]
> > [Priority: 3]
> > 11/27-16:20:45.780261 189.71.104.90 -> 66.249.83.83
> > PROTO:255 TTL:0 TOS:0x0 ID:12568 IpLen:20 DgmLen:167 DF
> >
> > Any suggestions?
> >
> > Thanks in advance...
> > Sorry for my poor English :-)
> >
> > --
> > Welkson Renny de Medeiros
> > Focus Automação Comercial
> > Desenvolvimento / Gerência de Redes
> > [EMAIL PROTECTED]
