Koozali.org: home of the SME Server

snort Acid

Tom Veitch

snort Acid
« on: July 15, 2002, 12:38:42 AM »
Hi All,

I have installed Snort and Acid IDS on an SME 5.5 server.

The server is connected to the internet through ADSL using PPPoE with a second Ethernet adapter.

The problem I have is that it all seems to be working: I can get to the Acid web page and all looks OK, but when I try a port scan there are no reports on the Acid page.

How do we know if it is running? If I look at snort stats it returns that snort is stopped.

Can anyone help me with this?

Tom Veitch

Tom Veitch

Re: snort Acid
« Reply #1 on: July 15, 2002, 12:45:53 AM »
This is what I get if I try to start snort:

Jul 15 05:42:47 office snort-mysql: WARNING: OpenPcap() device eth1 network lookup:  ^Ieth1: no IPv4 address assigned
Jul 15 05:42:47 office snort-mysql: Initializing daemon mode
Jul 15 05:42:47 office snortd: snort-mysql startup succeeded
Jul 15 05:42:47 office snort-mysql: PID stat checked out ok, PID set to /var/run/
Jul 15 05:42:47 office snort-mysql: Writing PID file to "/var/run/"
Jul 15 05:42:47 office kernel: eth1: Promiscuous mode enabled.
Jul 15 05:42:47 office kernel: device eth1 entered promiscuous mode
Jul 15 05:42:49 office snort-mysql: FATAL ERROR: ERROR => Undefined variable name: (/etc/snort/.//web-cgi.rules:8): HTTP_PORTS
Jul 15 05:42:49 office kernel: device eth1 left promiscuous mode

Jon Thiele

Re: snort Acid
« Reply #2 on: July 15, 2002, 01:29:46 AM »
Tom Veitch wrote:
>
> Hi All,
>
> I have installed Snort and Acid IDS on an SME 5.5 server.
>
> The server is connected to the internet through ADSL using
> PPPoE with a second Ethernet adapter.
>
> The problem I have is that it all seems to be working: I can get to
> the Acid web page and all looks OK, but when I try a port scan
> there are no reports on the Acid page.

Yep, I've been looking at this exact same problem...

The reason this is happening is that your system does not use the standard eth1 adapter, but something like ppp0 or ppp1.

Ari Novikoff, in this message:

http://forums.contribs.org/index.php?topic=13687.msg52065#msg52065

says to edit the snort.conf file, but I can't seem to find out where. I downloaded the source RPMs from his website and I'm changing them to reference eth0 and ppp0 (in my case...).

Tom Veitch

Re: snort Acid
« Reply #3 on: July 15, 2002, 02:29:10 AM »
Thanks Jon,

I have had a look and I can't seem to find it as well.

I would like to see the changes you make, if that's OK.

Tom Veitch

Re: snort Acid
« Reply #4 on: July 15, 2002, 06:23:40 AM »
I have just tested the Acid/snort system on a dialup with the ari-mitel-acid-1.0-11.noarch.rpm and it is a no-go, as it looks for eth1, not the normal eth0, and I cannot seem to find where it can be changed. Can someone please point me in the right location?

The Acid seems to be running but no data is being collected.

Tom Veitch

jasper

Re: snort Acid
« Reply #5 on: July 16, 2002, 06:23:45 AM »
You might try editing the script /etc/rc.d/init.d/snortd.

Tom Veitch

Re: snort Acid
« Reply #6 on: July 18, 2002, 08:41:52 AM »
All working now.

You have to make a few changes in the snort.conf as well, because the IP is not fixed.

thanks
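The two failures this thread turns on, the "Undefined variable name ... HTTP_PORTS" fatal error in Reply #1 and the capture interface having no IPv4 address on a PPPoE box (Replies #2 to #6), can both be caught before snort is started. The script below is an added example, not code from this thread or from the ari-mitel packages: the rules file, both snort.conf variants and the ifconfig text are constructed samples, and `$ppp0_ADDRESS` is assumed to be the snort 1.8 interface-address variable that the thread's "because the IP is not fixed" edit relies on.

```shell
#!/bin/sh
# Added example (not from the thread or the SME/ACID packages): two pre-flight
# checks for the failures reported above, run offline on constructed samples.

# List variables referenced as $NAME in snort.conf and the rules files it pulls
# in but never defined there with "var NAME ...". Snort's built-in
# $<iface>_ADDRESS names are skipped because snort fills those in itself.
# Usage: snort_undefined_vars snort.conf [rules-file ...]
snort_undefined_vars() {
    conf=$1; shift
    defined=$(sed -n 's/^[[:space:]]*var[[:space:]]\{1,\}\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' "$conf" | sort -u)
    referenced=$(cat "$conf" "$@" | grep -v '^[[:space:]]*#' \
        | grep -o '\$[A-Za-z_][A-Za-z0-9_]*' | tr -d '$' \
        | grep -v '_ADDRESS$' | sort -u)
    for name in $referenced; do
        printf '%s\n' "$defined" | grep -qx "$name" || printf '%s\n' "$name"
    done
}

# Exit 0 if interface $1 has an IPv4 address in ifconfig-style output on stdin.
# This is the condition behind "OpenPcap() device eth1 ... no IPv4 address assigned":
# on a PPPoE link the IP address sits on ppp0, not on the eth1 adapter behind it.
# Usage: ifconfig | iface_has_ipv4 ppp0
iface_has_ipv4() {
    awk -v want="$1" '
        /^[A-Za-z]/                 { cur = $1 }    # first line of an interface block
        cur == want && /inet addr:/ { found = 1 }   # classic net-tools ifconfig format
        cur == want && /inet [0-9]/ { found = 1 }   # newer ifconfig format
        END { exit found ? 0 : 1 }'
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# Constructed rules file in snort 1.8 syntax (a stand-in for web-cgi.rules)
cat > "$DEMO_DIR/web-cgi.rules" <<'EOF'
# sample WEB-CGI rule, constructed for this example
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI sample"; flags:A+; uricontent:"/cgi-bin/"; nocase; sid:1000001; rev:1;)
EOF

# Constructed conf resembling the shipped one: HTTP_PORTS is never defined and
# HOME_NET assumes a fixed address on the LAN side
cat > "$DEMO_DIR/snort.conf.broken" <<'EOF'
var HOME_NET 192.168.2.0/24
var EXTERNAL_NET !$HOME_NET
var HTTP_SERVERS $HOME_NET
var RULE_PATH /etc/snort
include $RULE_PATH/web-cgi.rules
EOF

# After the edits the thread describes: HTTP_PORTS defined, and HOME_NET taken
# from the PPPoE interface's current address (assumed snort 1.8 $<iface>_ADDRESS)
cat > "$DEMO_DIR/snort.conf.fixed" <<'EOF'
var HOME_NET $ppp0_ADDRESS
var EXTERNAL_NET !$HOME_NET
var HTTP_SERVERS $HOME_NET
var HTTP_PORTS 80
var RULE_PATH /etc/snort
include $RULE_PATH/web-cgi.rules
EOF

# Constructed ifconfig output: eth1 is up but carries only PPPoE frames, so it
# has no IPv4 address; ppp0 holds the public address (203.0.113.0/24 is a
# documentation range)
IFCONFIG_SAMPLE='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:192.168.2.5  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1'

echo "undefined in broken conf: $(snort_undefined_vars "$DEMO_DIR/snort.conf.broken" "$DEMO_DIR/web-cgi.rules")"
echo "undefined in fixed conf:  $(snort_undefined_vars "$DEMO_DIR/snort.conf.fixed" "$DEMO_DIR/web-cgi.rules")"
for dev in eth1 ppp0; do
    if printf '%s\n' "$IFCONFIG_SAMPLE" | iface_has_ipv4 "$dev"; then
        echo "$dev: has an IPv4 address, suitable as the device in /etc/rc.d/init.d/snortd"
    else
        echo "$dev: no IPv4 address, snort will warn in OpenPcap() and HOME_NET cannot follow it"
    fi
done
```

On a live box, replace the sample conf with /etc/snort/snort.conf plus the rules it includes, and pipe the real `ifconfig` output into `iface_has_ipv4` with the device named in snortd.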

dave

Re: snort Acid
« Reply #7 on: August 21, 2002, 06:56:23 AM »
Following the instructions at http://www.marari.net/downloads/snort/acid-howto.htm, I installed the following files using the system upgrade in SME 5.5.
I found the links in the instructions were no longer valid since there were newer versions, so I found the newer versions and may be wrong in using them.

Here is what is installed:
Aug 20 18:29:47 Seaport5 sshd(pam_unix)[13160]: session closed for user root
Aug 20 18:31:29 Seaport5 e-smith[13307]: Processing event: update-rpm-system
Aug 20 18:31:29 Seaport5 e-smith[13307]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:31:30 Seaport5 e-smith[13307]: Preparing...                ##################################################
Aug 20 18:31:30 Seaport5 e-smith[13307]: package libpcap-0.6.2-12 is already installed
Aug 20 18:31:31 Seaport5 e-smith[13307]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893489 634102|End|1029893491 803973|Elapsed|2.169871
Aug 20 18:32:02 Seaport5 e-smith[13325]: Processing event: update-rpm-system
Aug 20 18:32:02 Seaport5 e-smith[13325]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:32:03 Seaport5 e-smith[13325]: Preparing...                ##################################################
Aug 20 18:32:03 Seaport5 e-smith[13325]: package snort-1.8.7-1snort is already installed
Aug 20 18:32:04 Seaport5 e-smith[13325]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893522 326384|End|1029893524 657127|Elapsed|2.330743
Aug 20 18:32:20 Seaport5 e-smith[13343]: Processing event: update-rpm-system
Aug 20 18:32:20 Seaport5 e-smith[13343]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:32:20 Seaport5 e-smith[13343]: Preparing...                ##################################################
Aug 20 18:32:20 Seaport5 e-smith[13343]: package snort-mysql-1.8.7-1snort is already installed
Aug 20 18:32:22 Seaport5 e-smith[13343]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893540 101400|End|1029893542 92123|Elapsed|1.990723
Aug 20 18:32:49 Seaport5 e-smith[13361]: Processing event: update-rpm-system
Aug 20 18:32:49 Seaport5 e-smith[13361]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:32:50 Seaport5 e-smith[13361]: Preparing...                ##################################################
Aug 20 18:32:50 Seaport5 e-smith[13361]: package ari-mitel-acid-1.0-11 is already installed
Aug 20 18:32:52 Seaport5 e-smith[13361]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893569 888643|End|1029893572 128397|Elapsed|2.239754

When I point my browser to http://www.mydomain/acid I get the following page:

   Analysis Console for Intrusion Databases  

Error (p)connecting to DB : snort_log@localhost

Check the DB connection variables in acid_conf.php

               = $alert_dbname   : MySQL database name where the alerts are stored
               = $alert_host     : host where the database is stored
               = $alert_port     : port where the database is stored
               = $alert_user     : username into the database
               = $alert_password : password for the username
             
Database ERROR:Unknown database 'snort_log'

I have checked my MySQL databases and do not find the snort/acid database.

Here is my message log file from the first install, when I had to reinstall the last RPM:
Aug 20 15:42:53 Seaport5 e-smith[12314]: Processing event: update-rpm-system
Aug 20 15:42:53 Seaport5 e-smith[12314]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 15:42:56 Seaport5 e-smith[12314]: Preparing...                ##################################################
Aug 20 15:42:56 Seaport5 e-smith[12314]: libpcap                     ##################################################
Aug 20 15:43:02 Seaport5 e-smith[12314]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029883373 546588|End|1029883382 498474|Elapsed|8.951886
Aug 20 15:44:26 Seaport5 e-smith[12333]: Processing event: update-rpm-system
Aug 20 15:44:26 Seaport5 e-smith[12333]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 15:44:27 Seaport5 e-smith[12333]: Preparing...                ##################################################
Aug 20 15:44:27 Seaport5 e-smith[12333]: snort                       ##################################################
Aug 20 15:44:29 Seaport5 e-smith[12333]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029883466 427657|End|1029883469 488761|Elapsed|3.061104
Aug 20 15:44:57 Seaport5 e-smith[12353]: Processing event: update-rpm-system
Aug 20 15:44:57 Seaport5 e-smith[12353]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 15:44:58 Seaport5 e-smith[12353]: Preparing...                ##################################################
Aug 20 15:44:58 Seaport5 e-smith[12353]: snort-mysql                 ##################################################
Aug 20 15:45:00 Seaport5 e-smith[12353]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029883497 832473|End|1029883500 127134|Elapsed|2.294661
Aug 20 15:45:40 Seaport5 e-smith[12373]: Processing event: update-rpm-system
Aug 20 15:45:40 Seaport5 e-smith[12373]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 15:45:42 Seaport5 e-smith[12373]: Preparing...                ##################################################
Aug 20 15:45:42 Seaport5 e-smith[12373]: ari-mitel-acid              ##################################################
Aug 20 15:45:43 Seaport5 e-smith[12373]:  
Aug 20 15:45:43 Seaport5 e-smith[12373]: Installing...
Aug 20 15:45:48 Seaport5 e-smith[12373]: ^G/usr/bin/mysqladmin: connect to server at 'localhost' failed
Aug 20 15:45:48 Seaport5 e-smith[12373]: error: 'Access denied for user: 'root@localhost' (Using password: NO)'
Aug 20 15:45:48 Seaport5 e-smith[12373]: ERROR 1045: Access denied for user: 'root@localhost' (Using password: NO)
Aug 20 15:45:48 Seaport5 e-smith[12373]: ^G/usr/bin/mysqladmin: connect to server at 'localhost' failed
Aug 20 15:45:48 Seaport5 e-smith[12373]: error: 'Access denied for user: 'root@localhost' (Using password: NO)'
Aug 20 15:45:48 Seaport5 e-smith[12373]: ERROR 1045: Access denied for user: 'root@localhost' (Using password: NO)
Aug 20 15:45:48 Seaport5 e-smith[12373]: /etc/snort/snortd' -> /etc/rc.d/init.d/snortd'
Aug 20 15:45:48 Seaport5 e-smith[12373]:  
Aug 20 15:45:48 Seaport5 e-smith[12373]: Expanding templates.  One moment please...(this can take up to one minute)
Aug 20 15:46:58 Seaport5 e-smith[12373]: Starting Snort-MySQL...
Aug 20 15:46:58 Seaport5 kernel: eth1: Promiscuous mode enabled.
Aug 20 15:46:58 Seaport5 kernel: device eth1 entered promiscuous mode
Aug 20 15:46:58 Seaport5 snort-mysql: Initializing daemon mode
Aug 20 15:46:58 Seaport5 snortd: snort-mysql startup succeeded
Aug 20 15:46:58 Seaport5 e-smith[12373]: Starting snort: ^[[60G[   ^[[1;32mOK^[[0;39m   ]^M
Aug 20 15:46:58 Seaport5 e-smith[12373]:  
Aug 20 15:46:58 Seaport5 e-smith[12373]: ACID-SNORT Installation is complete.
Aug 20 15:46:58 Seaport5 e-smith[12373]:  
Aug 20 15:46:58 Seaport5 e-smith[12373]: To access the interface, open up your web browser and point it to:
Aug 20 15:46:58 Seaport5 e-smith[12373]:  
Aug 20 15:46:58 Seaport5 snort-mysql: PID stat checked out ok, PID set to /var/run/
Aug 20 15:46:58 Seaport5 snort-mysql: Writing PID file to "/var/run/"
Aug 20 15:46:58 Seaport5 snort-mysql: FATAL ERROR: database: mysql_error: Unknown database 'snort_log'
Aug 20 15:46:58 Seaport5 squid[1369]: Squid Parent: child process 1371 exited with status 0
Aug 20 15:46:58 Seaport5 kernel: device eth1 left promiscuous mode
Aug 20 15:46:59 Seaport5 e-smith[12373]: https://192.168.2.5/acid
Aug 20 15:46:59 Seaport5 e-smith[12373]:  
Aug 20 15:46:59 Seaport5 e-smith[12373]: You will be prompted for your admin username and password.
Aug 20 15:46:59 Seaport5 e-smith[12373]:  
Aug 20 15:46:59 Seaport5 e-smith[12373]: You will then be greeted with a screen that reads something
Aug 20 15:46:59 Seaport5 e-smith[12373]: like: The database version is valid, but the ACID DB structure
Aug 20 15:46:59 Seaport5 e-smith[12373]: is not present.
Aug 20 15:46:59 Seaport5 e-smith[12373]:  
Aug 20 15:46:59 Seaport5 e-smith[12373]: Use the Setup page to configure and optimize the DB.  Simply
Aug 20 15:46:59 Seaport5 e-smith[12373]: follow the Setup Page link and click on the Create ACID AG
Aug 20 15:46:59 Seaport5 e-smith[12373]: button on the left to proceed.
Aug 20 15:46:59 Seaport5 e-smith[12373]:  
Aug 20 15:47:00 Seaport5 e-smith-bg: Stopping squid: .[   OK   ]
Aug 20 15:47:00 Seaport5 e-smith-bg: Starting squid: [   OK   ]
Aug 20 15:47:00 Seaport5 squid[12860]: Squid Parent: child process 12862 started
Aug 20 15:47:02 Seaport5 e-smith[12373]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029883540 568990|End|1029883622 757086|Elapsed|82.188096
Aug 20 15:47:06 Seaport5 atalkd[12819]: zip_getnetinfo for eth0
Aug 20 15:47:16 Seaport5 atalkd[12819]: zip_getnetinfo for eth0
Aug 20 15:47:26 Seaport5 atalkd[12819]: config for no router
Aug 20 15:47:27 Seaport5 atalkd[12819]: ready 0/0/0
Aug 20 15:47:27 Seaport5 atalk: atalkd startup succeeded
Aug 20 15:47:40 Seaport5 papd[12876]: restart (1.5.2)
Aug 20 15:47:40 Seaport5 atalk: papd startup succeeded
Aug 20 15:47:40 Seaport5 atalk: afpd startup succeeded
Aug 20 15:47:46 Seaport5 papd[12876]: Authentication disabled: HP DeskJet 880C
Aug 20 15:47:46 Seaport5 papd[12876]: register HP DeskJet 880C:LaserWriter@*
Aug 20 15:47:46 Seaport5 afpd[12881]: Seaport5:AFPServer@* started on 65280.224:252 (1.5.2)
Aug 20 15:47:46 Seaport5 afpd[12881]: ASIP started on 192.168.2.5:548(2) (1.5.2)
Aug 20 15:47:46 Seaport5 afpd[12881]: uam: loading (/usr/lib/uams_clrtxt.so)
Aug 20 15:47:46 Seaport5 afpd[12881]: uam: uams_clrtxt.so loaded
Aug 20 15:47:46 Seaport5 afpd[12881]: uam: loading (/usr/lib/uams_dhx.so)
Aug 20 15:47:46 Seaport5 afpd[12881]: uam: uams_dhx.so loaded
Aug 20 15:47:46 Seaport5 afpd[12881]: uam: "DHCAST128" available
Aug 20 15:47:46 Seaport5 afpd[12881]: uam: "Cleartxt Passwrd" available
Aug 20 16:28:19 Seaport5 e-smith[13053]: Processing event: update-rpm-system
Aug 20 16:28:19 Seaport5 e-smith[13053]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 16:28:20 Seaport5 e-smith[13053]: Preparing...                ##################################################
Aug 20 16:28:20 Seaport5 e-smith[13053]: package ari-mitel-acid-1.0-11 is already installed
Aug 20 16:28:21 Seaport5 e-smith[13053]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029886099 167289|End|1029886101 469130|Elapsed|2.301841
Aug 20 18:09:58 Seaport5 sshd[13160]: Accepted password for root from 192.168.2.11 port 1743
Aug 20 18:09:58 Seaport5 sshd(pam_unix)[13160]: session opened for user root by (uid=0)
Aug 20 18:29:47 Seaport5 sshd(pam_unix)[13160]: session closed for user root
Aug 20 18:31:29 Seaport5 e-smith[13307]: Processing event: update-rpm-system
Aug 20 18:31:29 Seaport5 e-smith[13307]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:31:30 Seaport5 e-smith[13307]: Preparing...                ##################################################
Aug 20 18:31:30 Seaport5 e-smith[13307]: package libpcap-0.6.2-12 is already installed
Aug 20 18:31:31 Seaport5 e-smith[13307]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893489 634102|End|1029893491 803973|Elapsed|2.169871
Aug 20 18:32:02 Seaport5 e-smith[13325]: Processing event: update-rpm-system
Aug 20 18:32:02 Seaport5 e-smith[13325]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:32:03 Seaport5 e-smith[13325]: Preparing...                ##################################################
Aug 20 18:32:03 Seaport5 e-smith[13325]: package snort-1.8.7-1snort is already installed
Aug 20 18:32:04 Seaport5 e-smith[13325]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893522 326384|End|1029893524 657127|Elapsed|2.330743
Aug 20 18:32:20 Seaport5 e-smith[13343]: Processing event: update-rpm-system
Aug 20 18:32:20 Seaport5 e-smith[13343]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:32:20 Seaport5 e-smith[13343]: Preparing...                ##################################################
Aug 20 18:32:20 Seaport5 e-smith[13343]: package snort-mysql-1.8.7-1snort is already installed
Aug 20 18:32:22 Seaport5 e-smith[13343]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893540 101400|End|1029893542 92123|Elapsed|1.990723
Aug 20 18:32:49 Seaport5 e-smith[13361]: Processing event: update-rpm-system
Aug 20 18:32:49 Seaport5 e-smith[13361]: Running event handler: /etc/e-smith/events/update-rpm-system/S10update-rpm-system
Aug 20 18:32:50 Seaport5 e-smith[13361]: Preparing...                ##################################################
Aug 20 18:32:50 Seaport5 e-smith[13361]: package ari-mitel-acid-1.0-11 is already installed
Aug 20 18:32:52 Seaport5 e-smith[13361]: S10update-rpm-system=action|Event|update-rpm-system|Action|S10update-rpm-system|Start|1029893569 888643|End|1029893572 128397|Elapsed|2.239754

All the errors seem to point to not being able to create a database or attempts to populate it.
Can I create the database?
 
What is my next step?
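
The log above stops Snort with "Unknown database 'snort_log'": the sensor's output plugin opens MySQL before it reads a single packet, so an absent database (or a schema that was never loaded) means no alerts in ACID no matter what is scanned. The script below is an added example for this thread, not code from the ari-mitel-acid package or from the Snort project. It does two things: classifies the startup failures quoted in the thread from syslog lines (so `triage` on /var/log/messages tells you which fix applies), and creates the missing database named in snort.conf with an account that holds only the INSERT and SELECT the sensor needs, loads the Snort schema, and checks the result with the sensor's own credentials rather than root's. Assumed, because the thread does not state them: snort.conf lives at /etc/snort/snort.conf and carries an `output database:` line; the schema path in SCHEMA is a guess for the snort-mysql-1.8.7 RPM; the MySQL root account has no password.

```shell
#!/bin/sh
# Added example for this thread, not code from the ari-mitel-acid package or the
# Snort project. (1) classify snort-mysql startup failures from syslog lines;
# (2) create the log database named in snort.conf with a least-privilege account,
# load the schema, and verify as the sensor before restarting Snort.
#
# Assumptions (not stated in the thread): location of snort.conf, the schema file
# path below, and a passwordless MySQL root account (add -p to the root calls if
# that is not the case on your box).

SNORT_CONF=${SNORT_CONF:-/etc/snort/snort.conf}
SCHEMA=${SCHEMA:-/usr/share/doc/snort-mysql-1.8.7/contrib/create_mysql}   # assumed path

# Print the value of one key=value parameter from the "output database:" line of
# a snort.conf read on stdin; prints nothing if the line or key is absent.
# Usage: db_param <key> < snort.conf
db_param() {
    sed -n 's/^output database:.*[ ,]'"$1"'=\([^ ,]*\).*/\1/p' | head -n 1
}

# Map one syslog line from snort-mysql to a short cause. Covers the three
# startup problems seen in this thread; any other FATAL line is "other".
# Usage: fatal_cause "<syslog line>"
fatal_cause() {
    case $1 in
        *"Unknown database"*)          echo missing-db ;;
        *"Undefined variable name"*)   echo undefined-var ;;
        *"no IPv4 address assigned"*)  echo no-ipv4-on-iface ;;
        *"FATAL ERROR"*)               echo other ;;
        *)                             echo "" ;;
    esac
}

# Read a syslog file on stdin and print the distinct causes found, one per line.
triage_log() {
    while IFS= read -r line; do
        c=$(fatal_cause "$line")
        [ -n "$c" ] && echo "$c"
    done | sort -u
}

# Create the database named in snort.conf, grant only what the sensor needs
# (INSERT and SELECT; the ACID web account needs more and is set up separately),
# load the Snort schema, then verify with the sensor's credentials, not root's.
create_snort_db() {
    dbname=$(db_param dbname < "$SNORT_CONF")
    dbuser=$(db_param user < "$SNORT_CONF")
    dbpass=$(db_param password < "$SNORT_CONF")
    if [ -z "$dbname" ] || [ -z "$dbuser" ]; then
        echo "no usable 'output database:' line in $SNORT_CONF" >&2
        return 1
    fi
    mysql -u root <<EOF || return 1
CREATE DATABASE IF NOT EXISTS $dbname;
GRANT INSERT, SELECT ON $dbname.* TO '$dbuser'@'localhost' IDENTIFIED BY '$dbpass';
FLUSH PRIVILEGES;
EOF
    mysql -u root "$dbname" < "$SCHEMA" || return 1
    # The sensor table is part of the Snort schema: an empty count is fine, an
    # access-denied or missing-table error is not. MYSQL_PWD keeps the password
    # out of the process list.
    MYSQL_PWD=$dbpass mysql -u "$dbuser" "$dbname" -e 'SELECT COUNT(*) FROM sensor'
}

case ${1:-} in
    triage) triage_log ;;          # e.g.  sh snort-db-check.sh triage < /var/log/messages
    create) create_snort_db ;;     # run as root on the SME box, then restart snort
esac
```

Run `triage` first: if it reports `undefined-var` or `no-ipv4-on-iface` the database is not your problem, and the earlier replies in this thread (the HTTP_PORTS variable, the ppp0 versus eth1 interface) apply instead. If the schema load stops on duplicate table or key errors, the schema has already been applied once to that database; drop and recreate it rather than loading the file a second time. Give ACID its own MySQL account with UPDATE, DELETE and CREATE on the database; the sensor account above deliberately cannot alter or delete the evidence it writes.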

David Pennycuick

Re: snort Acid
« Reply #8 on: August 23, 2002, 05:42:20 PM »
Dave

Not exactly on topic, but this error in your log...

Aug 20 15:46:15 Seaport5 e-smith[12394]: ERROR 1061 at line 74: Duplicate key name 'category_category_name_idx'

is exactly the same error that I am getting in my log after I try to set up the Email Retrieval parameters.

I wonder if this is why I can't seem to get the email pick-up to work? If so, what to do about it?

regards

David