Search found 294 matches

by axel2078
February 19th, 2013, 6:36 pm
Forum: IPFire in General
Topic: automated backup solution
Replies: 11
Views: 3363

Re: automated backup solution

I´m pretty sure this could be done by Cron with a little amout of investigation of IPFire backup job. Maybe adding some features to your own script would be enough. I´ll try to make one since I need a backup... If works fine, I´ll post-it here. Hello, Andremorro. I was just wondering if you had a c...
by axel2078
February 19th, 2013, 6:34 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

Very interesting... I used smoothwall once, and I panic everytime I saw IDS/IPS logs and later I found out that it was "commom" since I could not select the rules, thats why you probably don´t see much. And be calm, you probably don´t see much cuz there isn´t much to see, only if you sele...
by axel2078
February 19th, 2013, 5:16 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

andremoro:  I've upgraded to 2.13 today, and also deselected many rules.  I now have only two rules selected.  Let's wait and see what happens. As for memory "system": {             "kernel_release": "3.2.38-ipfire-pae", &nb...
by axel2078
February 19th, 2013, 5:11 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

All right then! As I can see here, the last log file was written in 2013-02-14 (5 days ago) the same day you wrote this! -rw-r--r-- 1 root root  0 [b]2013-02-14[/b] 19:05 snort.log.1360890316 So, you have logs. Next step, is to check if you´re under attack or possibles attack. Try usin some of...
by axel2078
February 18th, 2013, 5:50 pm
Forum: Generelle Fragen
Topic: Problems with snort
Replies: 4
Views: 897

Re: Problems with snort

To answer your question, I guess the biggest reason that I use snort and guardian is because I also used it when I was running Smoothwall on the same hardware (and memory) and it worked quite well. Perhaps Smoothwall and IPfire handle snort and IDS rules very differently, I don't know.
by axel2078
February 18th, 2013, 3:43 pm
Forum: Generelle Fragen
Topic: Problems with snort
Replies: 4
Views: 897

Problems with snort

As you documented in the other thread snort is writing to logs, namely /var/log/messages! Have you tried with less rule sets? Perhaps it is really a memory problem. I thought 2 GB would be more than enough to support 5 rule sets but I will try backing it down to one rule set and see what happens.
by axel2078
February 18th, 2013, 3:36 pm
Forum: Generelle Fragen
Topic: Problems with snort
Replies: 4
Views: 897

Problems with snort

My last post was a bad translation thanks to Google Translate so I decided to try again in English.  I posted a similar topic in the international section but haven't received many responses so I decided to try here. The problem is that snort doesn't seem to be writing to any logs and I don't k...
by axel2078
February 18th, 2013, 3:27 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

no IDS logs??

Arne.F wrote:Maybee there is a bug in snort. Or you have not enough memory.


2 GB isn't enough?
by axel2078
February 17th, 2013, 7:50 pm
Forum: Generelle Fragen
Topic: IDS rules
Replies: 1
Views: 582

IDS rules

Hallo. Ich stellte diese im internationalen Bereich, aber bekommen haben wenige Antworten. Vielleicht ist dies, weil ich ein englischer Muttersprachler bin? Bitte verzeihen Sie mein Deutsch, wenn es nicht sinnvoll ist. Ich spreche etwas Deutsch und musste mit Google Translate, mich hier zu helfen. D...
by axel2078
February 17th, 2013, 7:42 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

I noticed this in /var/log/messages.  Does this indicate a problem with snort? Feb 17 07:53:00 ipfire snort[4919]: S5: Session exceeded configured max bytes to queue 1048576 using 1049204 bytes (client queue). 75.132.x.x 60511 --> 108.175.38.100 80 (0) : LWstate 0x9 LWFlags 0x406007 Feb 17 08:1...
by axel2078
February 17th, 2013, 1:54 am
Forum: Development
Topic: IPFire 2.13 - Testers wanted!
Replies: 108
Views: 30366

IPFire 2.13 - Testers wanted!

Have you enabled IDS and Content Filter with log. If not there is nothing to display. I don't use the content filter log, but as far as IDS goes, I have snort selected for Red and have some rules selected as well.  Am I missing something? That should be all that's necessary to activate snort, ...
by axel2078
February 15th, 2013, 9:29 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

Mine is a brand new installation as well and I'm kind of surprised that this doesn't work. Does it depend on which rule sets you choose for snort or something? I don't get it.
by axel2078
February 15th, 2013, 1:07 am
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

I killed snort and ran the command you gave and it did yield the output you showed, plus a lot more before it. I restarted snort and took a look at the contents of the snort directory and as you can see, nothing is being written to any log. -rw-r--r-- 1 root root  0 2013-02-10 00:01 alert -rw-r...
by axel2078
February 14th, 2013, 7:18 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

I haven't tried this, but I will. What's the correct syntax to stop and start snort from the command line?
by axel2078
February 14th, 2013, 4:03 pm
Forum: IPFire in General
Topic: [SOLVED] no IDS logs??
Replies: 30
Views: 7904

Re: no IDS logs??

Anyone? Surely this can be resolved somehow. The Guardian add-on is essentially useless if there are no logs for it to act on.