
0000654: The GUI interface is not displaying snort related alerts - MantisBT Endian Bugtracker
Endian Issue Tracker













ID: 0000654
Project: Endian Firewall
Category: GUI
View Status: public
Date Submitted: 2008-04-03 14:49
Last Update: 2008-04-23 17:41
Reporter: papoux_gallant
Assigned To: ra-endian
Priority: normal
Severity: tweak
Reproducibility: always
Status: closed
Resolution: fixed
Platform, OS, OS Version: (empty)
Product Version: 2.2-beta3
Target Version: 2.2-beta4
Fixed in Version: 2.2-beta4
Summary: 0000654: The GUI interface is not displaying snort related alerts

Description:
Dear EFW support,

Under Logs - Service - IDS,
I get the following error message:
No (or only partial) logs exist for the given day: /var/log/snort/alert could not be opened

I configured the IDS service to analyze GREEN Snort, ORANGE Snort and RED Snort.
Using the console access I can see that the following files are present:

root@efw:/var/openvpn # ls -l /var/log/snort/
total 216
-rw-r----- 1 snort nobody 87 Apr 3 10:34 alert
-rw-rw-r-- 1 snort snort 103 Feb 14 23:57 alert-20080214.gz
-rw-rw-r-- 1 snort snort 207 Feb 15 23:57 alert-20080215.gz
-rw-rw-r-- 1 snort snort 20 Feb 16 23:57 alert-20080216.gz
-rw-rw-r-- 1 snort snort 20 Feb 17 23:57 alert-20080217.gz
-rw-rw-r-- 1 snort snort 20 Feb 18 23:57 alert-20080218.gz
-rw-rw-r-- 1 snort snort 20 Feb 19 23:57 alert-20080219.gz
-rw-rw-r-- 1 snort snort 165 Feb 20 23:57 alert-20080220.gz
-rw-rw-r-- 1 snort snort 20 Feb 21 23:57 alert-20080221.gz
-rw-rw-r-- 1 snort snort 189 Feb 22 23:57 alert-20080222.gz
-rw-rw-r-- 1 snort snort 20 Feb 23 23:57 alert-20080223.gz
-rw-rw-r-- 1 snort snort 20 Feb 24 23:57 alert-20080224.gz
-rw-rw-r-- 1 snort snort 20 Feb 25 23:57 alert-20080225.gz
-rw-rw-r-- 1 snort snort 20 Feb 26 23:57 alert-20080226.gz
-rw-rw-r-- 1 snort snort 20 Feb 27 23:57 alert-20080227.gz
-rw-rw-r-- 1 snort snort 20 Feb 28 23:57 alert-20080228.gz
-rw-rw-r-- 1 snort snort 20 Feb 29 23:57 alert-20080229.gz
-rw-rw-r-- 1 snort snort 20 Mar 1 23:57 alert-20080301.gz
-rw-rw-r-- 1 snort snort 20 Mar 2 23:57 alert-20080302.gz
-rw-rw-r-- 1 snort snort 20 Mar 3 23:57 alert-20080303.gz
-rw-rw-r-- 1 snort snort 20 Mar 4 23:57 alert-20080304.gz
-rw-rw-r-- 1 snort snort 20 Mar 5 23:57 alert-20080305.gz
-rw-rw-r-- 1 snort snort 20 Mar 6 23:57 alert-20080306.gz
-rw-rw-r-- 1 snort snort 20 Mar 7 23:57 alert-20080307.gz
-rw-rw-r-- 1 snort snort 20 Mar 8 23:57 alert-20080308.gz
-rw-rw-r-- 1 snort snort 20 Mar 9 23:57 alert-20080309.gz
-rw-rw-r-- 1 snort snort 20 Mar 10 23:57 alert-20080310.gz
-rw-rw-r-- 1 snort snort 20 Mar 11 23:57 alert-20080311.gz
-rw-rw-r-- 1 snort snort 20 Mar 12 23:57 alert-20080312.gz
-rw-rw-r-- 1 snort snort 20 Mar 13 23:57 alert-20080313.gz
-rw-rw-r-- 1 snort snort 20 Mar 14 23:57 alert-20080314.gz
-rw-rw-r-- 1 snort snort 20 Mar 15 23:57 alert-20080315.gz
-rw-rw-r-- 1 snort snort 20 Mar 16 23:57 alert-20080316.gz
-rw-rw-r-- 1 snort snort 20 Mar 17 23:57 alert-20080317.gz
-rw-rw-r-- 1 snort snort 20 Mar 18 23:57 alert-20080318.gz
-rw-rw-r-- 1 snort snort 20 Mar 19 23:57 alert-20080319.gz
-rw-rw-r-- 1 snort snort 20 Mar 20 23:57 alert-20080320.gz
-rw-rw-r-- 1 snort snort 20 Mar 21 23:57 alert-20080321.gz
-rw-rw-r-- 1 snort snort 20 Mar 22 23:57 alert-20080322.gz
-rw-rw-r-- 1 snort snort 20 Mar 23 23:57 alert-20080323.gz
-rw-rw-r-- 1 snort snort 20 Mar 24 23:57 alert-20080324.gz
-rw-rw-r-- 1 snort snort 20 Mar 25 23:57 alert-20080325.gz
-rw-rw-r-- 1 snort snort 20 Mar 26 23:57 alert-20080326.gz
-rw-rw-r-- 1 snort snort 20 Mar 28 12:47 alert-20080328.gz
-rw-rw-r-- 1 snort snort 231 Mar 29 23:57 alert-20080329.gz
-rw-rw-r-- 1 snort snort 20 Mar 30 23:57 alert-20080330.gz
-rw-rw-r-- 1 snort snort 1218 Mar 31 23:57 alert-20080331.gz
-rw-rw-r-- 1 snort snort 8451 Apr 1 23:57 alert-20080401.gz
-rw-rw-r-- 1 snort snort 199 Apr 2 23:57 alert-20080402.gz
drwxrwxr-x 2 snort snort 4096 Apr 2 14:42 br0
drwxrwxr-x 2 snort snort 4096 Apr 2 14:42 br1
drwxrwxr-x 2 snort snort 4096 Apr 2 14:42 eth1
-rw-rw-r-- 1 snort snort 0 Feb 15 09:43 snort.log.1203086617

root@efw:/var/openvpn # ls -l /var/log/snort/br0
total 16
-rw-rw-r-- 1 snort snort 492 Apr 2 13:53 alert
-rw-rw-r-- 1 snort snort 2141 Feb 27 15:57 snort.log.1203506915
-rw-rw-r-- 1 snort snort 0 Mar 28 15:24 snort.log.1206732249
-rw-rw-r-- 1 snort snort 2419 Mar 28 15:36 snort.log.1206732999
-rw-rw-r-- 1 snort snort 0 Mar 31 09:28 snort.log.1206970114
-rw-rw-r-- 1 snort snort 0 Mar 31 09:28 snort.log.1206970124
-rw-rw-r-- 1 snort snort 0 Apr 2 13:49 snort.log.1207158561
-rw-rw-r-- 1 snort snort 0 Apr 2 13:50 snort.log.1207158639
-rw-rw-r-- 1 snort snort 216 Apr 2 13:53 snort.log.1207158727
-rw-rw-r-- 1 snort snort 0 Apr 2 14:41 snort.log.1207161667
-rw-rw-r-- 1 snort snort 0 Apr 2 14:42 snort.log.1207161745

root@efw:/var/openvpn # ls -l /var/log/snort/br1
total 0
-rw-rw-r-- 1 snort snort 0 Feb 20 10:03 alert
-rw-rw-r-- 1 snort snort 0 Feb 20 06:28 snort.log.1203506915
-rw-rw-r-- 1 snort snort 0 Feb 20 10:03 snort.log.1203519801
-rw-rw-r-- 1 snort snort 0 Mar 28 13:07 snort.log.1206724055
-rw-rw-r-- 1 snort snort 0 Mar 28 14:30 snort.log.1206729005
-rw-rw-r-- 1 snort snort 0 Mar 28 15:24 snort.log.1206732249
-rw-rw-r-- 1 snort snort 0 Mar 28 15:36 snort.log.1206732999
-rw-rw-r-- 1 snort snort 0 Mar 31 09:28 snort.log.1206970124
-rw-rw-r-- 1 snort snort 0 Apr 2 13:49 snort.log.1207158561
-rw-rw-r-- 1 snort snort 0 Apr 2 13:50 snort.log.1207158639
-rw-rw-r-- 1 snort snort 0 Apr 2 13:52 snort.log.1207158727
-rw-rw-r-- 1 snort snort 0 Apr 2 14:21 snort.log.1207160467
-rw-rw-r-- 1 snort snort 0 Apr 2 14:41 snort.log.1207161667
-rw-rw-r-- 1 snort snort 0 Apr 2 14:42 snort.log.1207161745

root@efw:/var/openvpn # ls -l /var/log/snort/eth1
total 20
-rw-rw-r-- 1 snort snort 7135 Mar 28 13:07 alert
-rw-rw-r-- 1 snort snort 7158 Mar 27 16:09 snort.log.1203506916
-rw-rw-r-- 1 snort snort 100 Mar 28 13:07 snort.log.1206724055
-rw-rw-r-- 1 snort snort 0 Mar 28 15:24 snort.log.1206732250
-rw-rw-r-- 1 snort snort 0 Apr 2 13:50 snort.log.1207158640
-rw-rw-r-- 1 snort snort 0 Apr 2 14:41 snort.log.1207161669
-rw-rw-r-- 1 snort snort 0 Apr 2 14:42 snort.log.1207161746


The only information contained in the "/var/log/snort/alert" file is:
Apr 3 10:34:32 efw sshd(pam_unix)[29031]: session opened for user root by root(uid=0)

Real logs are in "/var/log/snort/br0/alert", "/var/log/snort/br1/alert" and "/var/log/snort/eth1/alert" files.

Best regards,

Paul Gallant
Tags: No tags attached.

Notes
There are no notes attached to this issue.

Issue History
Date Modified | Username | Field | Change
2008-04-03 14:49 | papoux_gallant | New Issue |
2008-04-08 08:00 | peter-endian | Target Version | => 2.2-beta4
2008-04-08 08:00 | peter-endian | Status | new => acknowledged
2008-04-22 09:10 | ra-endian | Status | acknowledged => resolved
2008-04-22 09:10 | ra-endian | Fixed in Version | => 2.2-beta4
2008-04-22 09:10 | ra-endian | Resolution | open => fixed
2008-04-22 09:10 | ra-endian | Assigned To | => ra-endian
2008-04-23 17:41 | peter-endian | Status | resolved => closed
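
Added example, not part of the original report and not Endian's code: a shell check for the visibility gap described above, where the file the log viewer opens holds no Snort alerts while the per-interface alert files do. The function names and the sample tree are constructed for illustration; the check assumes Snort's fast/full alert formats, whose alert lines carry the "[**]" marker.

```shell
#!/bin/sh
# Added example (not Endian's code). Layout assumed from the report:
# <root>/alert is what the viewer opens; <root>/<iface>/alert is where Snort writes.

# Count lines carrying the "[**]" marker used by Snort's fast/full alert formats.
# An unreadable file counts as 0: the viewer cannot show what it cannot open.
snort_alert_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -F -e '[**]' "$1" || true
}

# Print "<iface> <alerts>" for every per-interface alert file holding alerts.
interfaces_with_alerts() {
    for f in "$1"/*/alert; do
        [ -f "$f" ] || continue
        n=$(snort_alert_count "$f")
        [ "$n" -gt 0 ] || continue
        printf '%s %s\n' "$(basename "$(dirname "$f")")" "$n"
    done
}

# Exit 0 when the viewer's file hides alerts that exist per interface.
viewer_blind_spot() {
    top=$(snort_alert_count "$1/alert")
    hidden=$(interfaces_with_alerts "$1" | wc -l | tr -d ' ')
    [ "$top" -eq 0 ] && [ "$hidden" -gt 0 ]
}

# Constructed sample tree mirroring the report (alert contents are made up).
build_sample_tree() {
    mkdir -p "$1/br0" "$1/br1" "$1/eth1"
    echo 'Apr 3 10:34:32 efw sshd(pam_unix)[29031]: session opened for user root by root(uid=0)' > "$1/alert"
    echo '04/02-13:53:01.000000 [**] [1:1000001:1] Constructed test alert [**] [Priority: 3] {TCP} 192.0.2.10:1234 -> 192.0.2.20:80' > "$1/br0/alert"
    : > "$1/br1/alert"
    for i in 1 2 3; do
        echo "03/28-13:07:0$i.000000 [**] [1:1000002:1] Constructed test alert [**] [Priority: 3] {UDP} 192.0.2.30:53 -> 192.0.2.40:53"
    done > "$1/eth1/alert"
}

demo=$(mktemp -d)
build_sample_tree "$demo"
interfaces_with_alerts "$demo"    # per-interface files that hold alerts
viewer_blind_spot "$demo" && echo "viewer file has no Snort alerts; data is per-interface"
rm -rf "$demo"
```

On a live system, point the functions at the Snort log root (here /var/log/snort) and run them as the account the web interface uses, so the readability test reflects what the viewer can actually open.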
