On Wed, Mar 30, 2016 at 3:59 AM, Johannes Lavre <johann...@vfk.no> wrote:

> I recently installed psad v2.4.3 on a CentOS 6.7 box and it's working except
> for a minor bug: top 25 IP address attackers and IP status detail are not
> showing when running psad status (psad -S).
>
> Psad is logging these results so I know it's working. The first time I
> started psad it showed these results, but after I restarted the daemon it's not
> showing IP status and details, but it logs them.
>

Hello Johannes,

Thanks for the bug report. I'll take a look and provide feedback over the
next couple of days.

--Mike



> [root@fw ~]# psad -S
> [+] psadwatchd (pid: 44434)  %CPU: 0.0  %MEM: 0.0
>     Running since: Wed Mar 30 09:42:49 2016
>
> [-] psad: pid file /var/run/psad/psad_fw_read.pid does not exist for psad_fw_read on fw.cypod.local
> [+] psad (pid: 44432)  %CPU: 0.0  %MEM: 2.9
>     Running since: Wed Mar 30 09:42:49 2016
>     Command line arguments: [none specified]
>     Alert email address(es): admin@localhost
>
> [+] Version: psad v2.4.3
>
> [+] Top 50 signature matches:
>       "ICMP PING" (icmp),  Count: 6,  Unique sources: 1,  Sid: 384
>       "ICMP Timestamp Request" (icmp),  Count: 6,  Unique sources: 1,  Sid: 453
>
> [+] Top 25 attackers:
>         [NONE]
>
> [+] Top 20 scanned ports:
>       tcp 5358  87 packets
>       tcp 8080  85 packets
>       tcp 443   6 packets
>       tcp 27017 1 packets
>
>       udp 161   574 packets
>       udp 53    2 packets
>       udp 19    1 packets
>
> [+] iptables log prefix counters:
>       "DROP INVALID PKT": 14
>       "DROP PKT": 774
>
>     Total protocol packet counters:
>         icmp: 12 pkts
>          tcp: 179 pkts
>          udp: 577 pkts
>
> [+] IP Status Detail:
>         [NONE]
>
>     Total scan sources: 0
>     Total scan destinations: 0
>
> [+] These results are available in: /var/log/psad/status.out
>
> [root@fw ~]# cat /var/log/psad/top_attackers
> #
> # Format: <IP> <DL> <total_packets> <uniq_sigs> <sig_matches> <is_local>
> #
>
> My scanning ip  2 18 2 12 0
>
> Kind regards
>
> *Johannes Lavre*
>
> ICT technician
> Horten Videregående skole
>
> Direct: 93 43 75 05
> Work: 33 07 90 57
> Switchboard: 33 07 90 00
>
> *www.vfk.no <http://www.vfk.no/> Facebook
> <http://www.facebook.com/#!/pages/Vestfold-fylkeskommune/136880609677063>
> Twitter <https://twitter.com/#!/vestfoldfylke>*
>
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss


-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F