Snort mailing list archives
Question about snortcenter on OpenBSD 3.4
From: Jon <j5n0rt5678 () yahoo com>
Date: Mon, 26 Jan 2004 06:40:32 -0800 (PST)
I have searched and worked this problem I am having for days and cannot get past it. I am building an OpenBSD standalone snort box, with mysql, ACID, and snortcenter with the following: OpenBSD 3.4 Snort 2.1.0 Apache/1.3.28 (Unix) PHP/4.3.3 mod_ssl/2.8.15 OpenSSL/0.9.7b MySQL 3.23.57 libcurl/7.10.5 OpenSSL/0.9.7b ipv6 zlib/1.1.4 Everything works great, except for snortcenter. Snortcenter cannot connect to agents, and cannot get updates from the Internet. I can populate to MySQL using snortcenter, such as manually importing snort rules from files, adding sensors, etc. However, snortcenter cannot connect to any agents, not the local agent, not other (remote) agents. I have a working snort/mysql/acid/snortcenter box running on Redhat with no problems. The Linux snortcenter is able to manage the sensor agent on my OpenBSD box. I verified that PHP can call cURL by browsing to a file in my snortcenter directory that I created with the following info: <?php $url = "http://www.sourceforge.net/"; $file = "./temp/sf.index.html"; $ch = curl_init ($url); $fp = fopen ($file, "w") or die("Unable to open $file for writing.\n"); curl_setopt ($ch, CURLOPT_FILE, $fp); curl_setopt ($ch, CURLOPT_FAILONERROR, true); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); if (!curl_exec ($ch)) { print("Unable to fetch $url.\n"); } curl_close ($ch); fclose ($fp); ?> This script does create the /temp/sf.index.html file. Snortcenter is unable to connect to any agents. I am not using SSL at the moment. Things I can do: 1. While on the OpenBSD console, I can lynx to localhost:2525 2. While on any other workstation, I can browse to Openbsdhost:2525 3. While on linux snortcenter, I can connect to Openbsd snortcenter agent and manage. Things I cannot do: 1. While on OpenBSD snortcenter, I cannot connect to any snortcenter agents, not the local one, nor the linux one. I have my miniserv.conf file as follows: port=2525 bind= root=/usr/local/bin/snortagent/sensor/cgi host=snorthost.stigroup.net addtype_cgi=internal/cgi realm=SnortCenter Sensor logfile=/var/log/snort/miniserv.log pidfile=/var/log/snort/miniserv.pid errorlog=/var/log/snort/miniserv.error logtime=168 ssl=0 env_SENSOR_CONFIG=/etc/snort env_SENSOR_VAR=/var/log/snort atboot=1 logout=/etc/snort/logout-flag denyfile=\.pl$ log=1 blockhost_failures=500 blockhost_time=60 passdelay=1 syslog=1 allow= session=0 userfile=/etc/snort/sensor.users keyfile=/etc/snort/sensor.pem When I configure my php.ini file to display_errors, then browse to snortcenter, I get a bunch of Notice messages, eg: Notice: Use of undefined constant sensors - assumed 'sensors' in /htdocs/snortcenter/languages/en/lang.en.php on line 328 Notice: Use of undefined constant sensor_config - assumed 'sensor_config' in /htdocs/snortcenter/languages/en/lang.en.php on line 329 Notice: Use of undefined constant update_rules - assumed 'update_rules' in /htdocs/snortcenter/languages/en/lang.en.php on line 330 Notice: Use of undefined constant rules - assumed 'rules' in /htdocs/snortcenter/languages/en/lang.en.php on line 331 Notice: Use of undefined constant vars - assumed 'vars' in /htdocs/snortcenter/languages/en/lang.en.php on line 332 I have tried reconfiguring php.ini with register_global=on and =off, with no success. Any help you can give me is really appreciated! Regards, Jon __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Question about snortcenter on OpenBSD 3.4 Jon (Jan 28)