Hosting Provided By

Fwd: Re: [Snort-users] abnormal spade behavior!

From: Mahdi Kefayati <kefaiati(at)yahoo.com>
Date: Tue Feb 25 2003 - 14:32:54 EST

Note: forwarded message attached.

Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, and more

attached mail follows:

In the Name of the Dearest
Dear James
AsIdon have access to my IDS now and you know spade versions are somehowcomplicated I don't know what versionI use, Just I know it's the version comming with snort-stable (1.9.0) and I'vedownloaded it about 2weeks ago. I've read the Documentation. I myself enabled the survey also enabled database reporting and I saw some alerts there, survey files are also created.But spade.rcv is never created. spade.log was created at some start ups but was empty andsome times there wereamessage telling that snort is okbut spade has shut down! by the way I'm using snort 1.9.0 on redhat 8.0, AMD Athlon 900 + 128MB of RAM. and I run a fresh proccess of snort for spade with no rules, just spade preproccessors and database output. Regards
Mahdi Kefayati
James Hoagland <jim@SiliconDefense.com> wrote:At 12:31 AM -0800 2/24/03, Mahdi Kefayati wrote:
>In the Name of the Dearest

Mahdi,

What version of Spade are you using?

Note that the spade.rcv file will only be created periodically (by default after 50000 updates), on certain signals, and on snort exit. Spade.log is only created on snort exit.

Do you need help?

Also, if you are using the standard configuration, you should not be seeing any survey files since survey mode is disabled in that document.

Kind regards,

Jim

-- 
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: The Cyberwar Defense Company --- *|
|* 
jim(at)SiliconDefense.com, 
http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|


---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, and more



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Received on Tue Feb 25 14:36:50 2003

This message: [ Message body ]
Next message: Jack Whitsitt (jofny): "Re: [Snort-users] Snort output plugins query"
Previous message: Matt Kettler: "Re: [Snort-users] Snort output plugins query"
In reply to James Hoagland: "Re: [Snort-users] abnormal spade behavior!"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:49:54 EDT