SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
MantisBT - Endian Firewall | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000654 | Endian Firewall | GUI | public | 2008-04-03 14:49 | 2008-04-23 17:41 |
| Reporter | papoux_gallant | ||||
| Assigned To | ra-endian | ||||
| Priority | normal | Severity | tweak | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | OS | OS Version | |||
| Product Version | 2.2-beta3 | ||||
| Target Version | 2.2-beta4 | Fixed in Version | 2.2-beta4 | ||
| Customer Importance | |||||
| Customer Occurrences | |||||
| Queue | |||||
| Summary | 0000654: The GUI interface is not displaying snort related alerts | ||||
| Description | Dear EFW support, Under Logs - Service - IDS, I get the following error message: No (or only partial) logs exist for the given day: /var/log/snort/alert could not be opened I configured the IDS service to analyze GREEN Snort, ORANGE Snort and RED Snort. Using the console access I can see that the following files are present: root@efw:/var/openvpn # ls -l /var/log/snort/ total 216 -rw-r----- 1 snort nobody 87 Apr 3 10:34 alert -rw-rw-r-- 1 snort snort 103 Feb 14 23:57 alert-20080214.gz -rw-rw-r-- 1 snort snort 207 Feb 15 23:57 alert-20080215.gz -rw-rw-r-- 1 snort snort 20 Feb 16 23:57 alert-20080216.gz -rw-rw-r-- 1 snort snort 20 Feb 17 23:57 alert-20080217.gz -rw-rw-r-- 1 snort snort 20 Feb 18 23:57 alert-20080218.gz -rw-rw-r-- 1 snort snort 20 Feb 19 23:57 alert-20080219.gz -rw-rw-r-- 1 snort snort 165 Feb 20 23:57 alert-20080220.gz -rw-rw-r-- 1 snort snort 20 Feb 21 23:57 alert-20080221.gz -rw-rw-r-- 1 snort snort 189 Feb 22 23:57 alert-20080222.gz -rw-rw-r-- 1 snort snort 20 Feb 23 23:57 alert-20080223.gz -rw-rw-r-- 1 snort snort 20 Feb 24 23:57 alert-20080224.gz -rw-rw-r-- 1 snort snort 20 Feb 25 23:57 alert-20080225.gz -rw-rw-r-- 1 snort snort 20 Feb 26 23:57 alert-20080226.gz -rw-rw-r-- 1 snort snort 20 Feb 27 23:57 alert-20080227.gz -rw-rw-r-- 1 snort snort 20 Feb 28 23:57 alert-20080228.gz -rw-rw-r-- 1 snort snort 20 Feb 29 23:57 alert-20080229.gz -rw-rw-r-- 1 snort snort 20 Mar 1 23:57 alert-20080301.gz -rw-rw-r-- 1 snort snort 20 Mar 2 23:57 alert-20080302.gz -rw-rw-r-- 1 snort snort 20 Mar 3 23:57 alert-20080303.gz -rw-rw-r-- 1 snort snort 20 Mar 4 23:57 alert-20080304.gz -rw-rw-r-- 1 snort snort 20 Mar 5 23:57 alert-20080305.gz -rw-rw-r-- 1 snort snort 20 Mar 6 23:57 alert-20080306.gz -rw-rw-r-- 1 snort snort 20 Mar 7 23:57 alert-20080307.gz -rw-rw-r-- 1 snort snort 20 Mar 8 23:57 alert-20080308.gz -rw-rw-r-- 1 snort snort 20 Mar 9 23:57 alert-20080309.gz -rw-rw-r-- 1 snort snort 20 Mar 10 23:57 alert-20080310.gz -rw-rw-r-- 1 snort snort 20 Mar 11 23:57 alert-20080311.gz -rw-rw-r-- 1 snort snort 20 Mar 12 23:57 alert-20080312.gz -rw-rw-r-- 1 snort snort 20 Mar 13 23:57 alert-20080313.gz -rw-rw-r-- 1 snort snort 20 Mar 14 23:57 alert-20080314.gz -rw-rw-r-- 1 snort snort 20 Mar 15 23:57 alert-20080315.gz -rw-rw-r-- 1 snort snort 20 Mar 16 23:57 alert-20080316.gz -rw-rw-r-- 1 snort snort 20 Mar 17 23:57 alert-20080317.gz -rw-rw-r-- 1 snort snort 20 Mar 18 23:57 alert-20080318.gz -rw-rw-r-- 1 snort snort 20 Mar 19 23:57 alert-20080319.gz -rw-rw-r-- 1 snort snort 20 Mar 20 23:57 alert-20080320.gz -rw-rw-r-- 1 snort snort 20 Mar 21 23:57 alert-20080321.gz -rw-rw-r-- 1 snort snort 20 Mar 22 23:57 alert-20080322.gz -rw-rw-r-- 1 snort snort 20 Mar 23 23:57 alert-20080323.gz -rw-rw-r-- 1 snort snort 20 Mar 24 23:57 alert-20080324.gz -rw-rw-r-- 1 snort snort 20 Mar 25 23:57 alert-20080325.gz -rw-rw-r-- 1 snort snort 20 Mar 26 23:57 alert-20080326.gz -rw-rw-r-- 1 snort snort 20 Mar 28 12:47 alert-20080328.gz -rw-rw-r-- 1 snort snort 231 Mar 29 23:57 alert-20080329.gz -rw-rw-r-- 1 snort snort 20 Mar 30 23:57 alert-20080330.gz -rw-rw-r-- 1 snort snort 1218 Mar 31 23:57 alert-20080331.gz -rw-rw-r-- 1 snort snort 8451 Apr 1 23:57 alert-20080401.gz -rw-rw-r-- 1 snort snort 199 Apr 2 23:57 alert-20080402.gz drwxrwxr-x 2 snort snort 4096 Apr 2 14:42 br0 drwxrwxr-x 2 snort snort 4096 Apr 2 14:42 br1 drwxrwxr-x 2 snort snort 4096 Apr 2 14:42 eth1 -rw-rw-r-- 1 snort snort 0 Feb 15 09:43 snort.log.1203086617 root@efw:/var/openvpn # ls -l /var/log/snort/br0 total 16 -rw-rw-r-- 1 snort snort 492 Apr 2 13:53 alert -rw-rw-r-- 1 snort snort 2141 Feb 27 15:57 snort.log.1203506915 -rw-rw-r-- 1 snort snort 0 Mar 28 15:24 snort.log.1206732249 -rw-rw-r-- 1 snort snort 2419 Mar 28 15:36 snort.log.1206732999 -rw-rw-r-- 1 snort snort 0 Mar 31 09:28 snort.log.1206970114 -rw-rw-r-- 1 snort snort 0 Mar 31 09:28 snort.log.1206970124 -rw-rw-r-- 1 snort snort 0 Apr 2 13:49 snort.log.1207158561 -rw-rw-r-- 1 snort snort 0 Apr 2 13:50 snort.log.1207158639 -rw-rw-r-- 1 snort snort 216 Apr 2 13:53 snort.log.1207158727 -rw-rw-r-- 1 snort snort 0 Apr 2 14:41 snort.log.1207161667 -rw-rw-r-- 1 snort snort 0 Apr 2 14:42 snort.log.1207161745 root@efw:/var/openvpn # ls -l /var/log/snort/br1 total 0 -rw-rw-r-- 1 snort snort 0 Feb 20 10:03 alert -rw-rw-r-- 1 snort snort 0 Feb 20 06:28 snort.log.1203506915 -rw-rw-r-- 1 snort snort 0 Feb 20 10:03 snort.log.1203519801 -rw-rw-r-- 1 snort snort 0 Mar 28 13:07 snort.log.1206724055 -rw-rw-r-- 1 snort snort 0 Mar 28 14:30 snort.log.1206729005 -rw-rw-r-- 1 snort snort 0 Mar 28 15:24 snort.log.1206732249 -rw-rw-r-- 1 snort snort 0 Mar 28 15:36 snort.log.1206732999 -rw-rw-r-- 1 snort snort 0 Mar 31 09:28 snort.log.1206970124 -rw-rw-r-- 1 snort snort 0 Apr 2 13:49 snort.log.1207158561 -rw-rw-r-- 1 snort snort 0 Apr 2 13:50 snort.log.1207158639 -rw-rw-r-- 1 snort snort 0 Apr 2 13:52 snort.log.1207158727 -rw-rw-r-- 1 snort snort 0 Apr 2 14:21 snort.log.1207160467 -rw-rw-r-- 1 snort snort 0 Apr 2 14:41 snort.log.1207161667 -rw-rw-r-- 1 snort snort 0 Apr 2 14:42 snort.log.1207161745 root@efw:/var/openvpn # ls -l /var/log/snort/eth1 total 20 -rw-rw-r-- 1 snort snort 7135 Mar 28 13:07 alert -rw-rw-r-- 1 snort snort 7158 Mar 27 16:09 snort.log.1203506916 -rw-rw-r-- 1 snort snort 100 Mar 28 13:07 snort.log.1206724055 -rw-rw-r-- 1 snort snort 0 Mar 28 15:24 snort.log.1206732250 -rw-rw-r-- 1 snort snort 0 Apr 2 13:50 snort.log.1207158640 -rw-rw-r-- 1 snort snort 0 Apr 2 14:41 snort.log.1207161669 -rw-rw-r-- 1 snort snort 0 Apr 2 14:42 snort.log.1207161746 The only information contained in the "/var/log/snort/alert" file is: Apr 3 10:34:32 efw sshd(pam_unix)[29031]: session opened for user root by root(uid=0) Real logs are in "/var/log/snort/br0/alert", "/var/log/snort/br1/alert" and "/var/log/snort/eth1/alert" files. Best regards, Paul Gallant | ||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2008-04-03 14:49 | papoux_gallant | New Issue | |||
| 2008-04-08 08:00 | peter-endian | Target Version | => 2.2-beta4 | ||
| 2008-04-08 08:00 | peter-endian | Status | new => acknowledged | ||
| 2008-04-22 09:10 | ra-endian | Status | acknowledged => resolved | ||
| 2008-04-22 09:10 | ra-endian | Fixed in Version | => 2.2-beta4 | ||
| 2008-04-22 09:10 | ra-endian | Resolution | open => fixed | ||
| 2008-04-22 09:10 | ra-endian | Assigned To | => ra-endian | ||
| 2008-04-23 17:41 | peter-endian | Status | resolved => closed | ||
| There are no notes attached to this issue. |