This may have been the bug I was seeing and I have since switched to snort.
I can get around the bug in snort by starting packetfence manually,
hitting ctrl-c when it tries to start snort, then starting snort manually
as well. I made another post about this and am hoping for a patch to
services.pm to start the services in the proper order. Thanks for the
input!
Brian
On Tue, Jul 2, 2013 at 3:41 PM, Derek Wuelfrath <[email protected]> wrote:
> Which version of PF ?
> Please have a look at: http://www.packetfence.org/bugs/view.php?id=1651
>
> Derek
>
> --
> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
>
> On 2013-06-27, at 5:49 PM, Brian Lucas <[email protected]> wrote:
>
> When pf generated the file root owned it. Even with a chown pf:pf suricata
> won't connect to it. :/
> On Jun 27, 2013 4:12 PM, "Derek Wuelfrath" <[email protected]> wrote:
>
>> > I do see when I run ls -l /usr/local/pf/var that alert is a FIFO file
>> > owned by root. Should it be owned by root?
>>
>>
>> Should be owned by the same user that suricata is running from (I think
>> it's pf)
>>
>> Cheers!
>> dw.
>>
>> --
>> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
>>
>> On 2013-06-27, at 11:55 AM, Brian Lucas <[email protected]> wrote:
>>
>> Gentlemen,
>>
>> pfdetect is running and not showing any errors in pf/logs/pfdetect.
>> suricata is running; however, in /var/log/suricata.log I see the following
>> error:
>> 27/6/2013 -- 04:16:06 - <Error> - [ERRCODE: SC_ERR_SOCKET(200)] - Error
>> connecting to socket "/usr/local/pf/var/alert": Connection refused
>>
>> /usr/local/pf/var/alert is being generated at startup and I confirmed
>> this by shutting down packetfence and deleting the file, then restarting
>> packetfence with service packetfence start.
>>
>> I do see when I run ls -l /usr/local/pf/var that alert is a FIFO file
>> owned by root. Should it be owned by root?
>>
>> I am really at a loss as to how to solve this problem and need suricata
>> up and running to get this setup finally up and running. Any help would be
>> appreciated in solving this latest issue. I'm also sitting in IRC for a
>> bit as sacul if anyone wants to drop in there.
>>
>> Brian
>>
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net <http://sf.net/> email is sponsored by Windows:
>>
>> Build for Windows Store.
>>
>>
>> http://p.sf.net/sfu/windows-dev2dev
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
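
A check for the conditions this thread looks at (whether /usr/local/pf/var/alert exists, whether it is a FIFO, and who owns it), plus whether any process currently has the FIFO open for reading, which depends on the order the services start in. This is an added example, not part of the original messages and not PacketFence's own code; the function name `check_alert_pipe` is hypothetical, and the path and the `pf` account are the ones mentioned in the thread.

```python
import errno
import os
import pwd
import stat


def check_alert_pipe(path, expected_user):
    """Return a list of findings about the alert pipe at `path`."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: %s does not exist" % path]

    findings = []
    # File type: the thread reports a FIFO; a Unix socket is a different object.
    if stat.S_ISFIFO(st.st_mode):
        kind = "fifo"
    elif stat.S_ISSOCK(st.st_mode):
        kind = "socket"
    else:
        kind = "other"
    findings.append("type: " + kind)

    # Ownership: compare with the account the IDS is expected to run as.
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)  # uid with no passwd entry
    if owner != expected_user:
        findings.append("owner: %s (expected %s)" % (owner, expected_user))

    # Reader check: a non-blocking write-open of a FIFO fails with ENXIO
    # when no process has it open for reading.
    if kind == "fifo":
        try:
            os.close(os.open(path, os.O_WRONLY | os.O_NONBLOCK))
            findings.append("reader: present")
        except OSError as exc:
            if exc.errno == errno.ENXIO:
                findings.append("reader: none")
            elif exc.errno == errno.EACCES:
                findings.append("reader: unknown (permission denied)")
            else:
                raise
    return findings


if __name__ == "__main__":
    # Path and account name as given in the thread.
    for line in check_alert_pipe("/usr/local/pf/var/alert", "pf"):
        print(line)
```

Run it as the account the IDS runs under, so that a permission problem shows up as `reader: unknown (permission denied)` rather than being masked by root.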