What does it mean?
Snortsam logs
2018/12/30, 03:16:22, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/01, 22:14:06, 127.0.0.1, 1, snortsam, Snort station 127.0.0.1 using wrong password, trying to re-sync.
2019/01/01, 22:14:56, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/01, 22:15:00, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/01, 22:20:37, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/04, 12:44:52, -, 1, snortsam, Starting to listen for Snort alerts.
In Log Viewer
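For anyone triaging lines like these, here is a small parser I put together (not part of the thread or of Snortsam itself) that reads the log format quoted above and flags the two things worth looking at: how often the listener restarts in a short window, and which Snort stations fail the shared-password check. The field layout (date, time, source, level, program, message) is inferred from the quoted lines, and the sample is copied from them.

```python
"""Triage Snortsam log lines: count listener restarts, flag restart bursts,
and tally stations reported as "using wrong password" (a Snort/Snortsam
shared-key mismatch, usually a configuration error rather than an attack)."""
from collections import Counter
from datetime import datetime, timedelta
import re

# Constructed sample: the lines from the question above.
SAMPLE_LOG = """\
2018/12/30, 03:16:22, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/01, 22:14:06, 127.0.0.1, 1, snortsam, Snort station 127.0.0.1 using wrong password, trying to re-sync.
2019/01/01, 22:14:56, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/01, 22:15:00, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/01, 22:20:37, -, 1, snortsam, Starting to listen for Snort alerts.
2019/01/04, 12:44:52, -, 1, snortsam, Starting to listen for Snort alerts.
"""

WRONG_PW = re.compile(r"Snort station (\S+) using wrong password")


def parse_line(line):
    """Split one line into (timestamp, source, level, program, message).
    The message may itself contain commas, so split at most five times.
    Returns None for lines that do not match the assumed six-field layout."""
    parts = [p.strip() for p in line.split(",", 5)]
    if len(parts) != 6:
        return None
    ts = datetime.strptime(parts[0] + " " + parts[1], "%Y/%m/%d %H:%M:%S")
    return ts, parts[2], int(parts[3]), parts[4], parts[5]


def triage(text, restart_window=timedelta(minutes=10)):
    """Summarise a log: total restarts, restart pairs closer than
    restart_window (a flapping daemon), and wrong-password counts per station."""
    wrong_pw = Counter()
    restarts = []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, _source, _level, _prog, msg = rec
        m = WRONG_PW.search(msg)
        if m:
            wrong_pw[m.group(1)] += 1
        elif msg.startswith("Starting to listen"):
            restarts.append(ts)
    bursts = sum(1 for a, b in zip(restarts, restarts[1:]) if b - a < restart_window)
    return {"restarts": len(restarts),
            "restart_bursts": bursts,
            "wrong_password": dict(wrong_pw)}
```

On the sample, the three restarts within six minutes on 2019/01/01 right after the wrong-password event point at the Snort side being reconfigured or restarted, which is where I would look first.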
Responses (7)
Then I will ask another question: watching the Messages log, this shows up all the time.
This message always appears repeatedly; maybe the system is working wrong?
Jan 7 12:27:51 gateway systemd: netifyd.service holdoff time over, scheduling restart.
Jan 7 12:27:51 gateway systemd: Starting Netify Agent...
Jan 7 12:27:51 gateway systemd: getty@tty1.service has no holdoff time, scheduling restart.
Jan 7 12:27:51 gateway systemd: Started Getty on tty1.
Jan 7 12:27:51 gateway systemd: Starting Getty on tty1...
Jan 7 12:27:51 gateway systemd-logind: Removed session 943.
Jan 7 12:27:51 gateway systemd: Removed slice User Slice of clearconsole.
Jan 7 12:27:51 gateway systemd: Stopping User Slice of clearconsole.
Jan 7 12:27:51 gateway systemd: PID file /var/run/netifyd/netifyd.pid not readable (yet?) after start.
Jan 7 12:27:51 gateway netifyd[10960]: Netify Agent/2.82 (x86_64; conntrack; netlink; dns-cache; plugins; tcmalloc) nDPI/2.5.0 JSON/1.60
I cut down on a lot of the logging by setting "LogLevel=notice" in /etc/systemd/system.conf. You can also temporarily issue the command "systemd-analyze set-log-level notice".
I am more concerned about the netifyd stuff - the application and protocol filters. Can you try restarting them and checking for messages?
Nick Howitt wrote:
If you have the free rule set, it is very old and contains no blocking rules. Do you have the free rules or do you get the IDS updates?
I installed the free IDS, https://www.clearos.com/clearfoundation/software/clearos-7-community/marketplace/gateway/Intrusion_Detection_System