/security-onion

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tcpflow 1.1.1 connection counter breaks Sguil's transcript window #254

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 11 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
1 participant
@GoogleCodeExporter
@GoogleCodeExporter

GoogleCodeExporter commented Mar 24, 2015 

Either comment out the connection counter code in flow.cpp or look at a newer 
version which may be more configurable

Original issue reported on code.google.com by doug.bu...@gmail.com on 12 Apr 2012 at 3:20
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

Should probably go with new version and use option:
-T%A.%a-%B.%b

Original comment by doug.bu...@gmail.com on 12 Apr 2012 at 3:32

  • Added labels: ****
  • Removed labels: ****

GoogleCodeExporter commented Mar 24, 2015 

Should probably go with new version and use option:
-T%A.%a-%B.%b

Original comment by doug.bu...@gmail.com on 12 Apr 2012 at 3:32

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter GoogleCodeExporter added Priority-Medium Type-Defect auto-migrated labels Mar 24, 2015

@GoogleCodeExporter GoogleCodeExporter closed this Mar 24, 2015

@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

[deleted comment]

GoogleCodeExporter commented Mar 24, 2015 

[deleted comment]
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

[deleted comment]

GoogleCodeExporter commented Mar 24, 2015 

[deleted comment]
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

[deleted comment]

GoogleCodeExporter commented Mar 24, 2015 

[deleted comment]
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

[deleted comment]

GoogleCodeExporter commented Mar 24, 2015 

[deleted comment]
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

Download and compiled tcpflow 1.2.6 as follows:

wget https://github.com/downloads/simsong/tcpflow/tcpflow-1.2.6.tar.gz
tar zxvf tcpflow-1.2.6.tar.gz
cd tcpflow-1.2.6
./configure
make
sudo checkinstall
sudo mv securityonion-tcpflow_20120418-1_i386.deb ..
cd ..

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:33

  • Added labels: ****
  • Removed labels: ****

GoogleCodeExporter commented Mar 24, 2015 

Download and compiled tcpflow 1.2.6 as follows:

wget https://github.com/downloads/simsong/tcpflow/tcpflow-1.2.6.tar.gz
tar zxvf tcpflow-1.2.6.tar.gz
cd tcpflow-1.2.6
./configure
make
sudo checkinstall
sudo mv securityonion-tcpflow_20120418-1_i386.deb ..
cd ..

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:33

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

Created /usr/bin/tcpflow with the following content:

#!/bin/bash

/usr/local/bin/tcpflow -T%A.%a-%B.%b $@

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:36

  • Added labels: ****
  • Removed labels: ****

GoogleCodeExporter commented Mar 24, 2015 

Created /usr/bin/tcpflow with the following content:

#!/bin/bash

/usr/local/bin/tcpflow -T%A.%a-%B.%b $@

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:36

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

Made /usr/bin/tcpflow executable and packaged:

chmod +x /usr/bin/tcpflow

/usr/bin/fpm -s dir -t deb -n securityonion-tcpflow-no-tags -v 20120418 
/usr/bin/tcpflow

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:36

  • Added labels: ****
  • Removed labels: ****

GoogleCodeExporter commented Mar 24, 2015 

Made /usr/bin/tcpflow executable and packaged:

chmod +x /usr/bin/tcpflow

/usr/bin/fpm -s dir -t deb -n securityonion-tcpflow-no-tags -v 20120418 
/usr/bin/tcpflow

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:36

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

Added the following to security-onion-upgrade.sh:


sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120412" ]; then
        NEW="20120418"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        for FILE in securityonion-tcpflow_20120418-1_i386.deb securityonion-tcpflow-no-tags_20120418_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
                if [ $? -eq 1 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> $LOG
        if [ $? -eq 1 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi


    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo 
fi

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:37

  • Added labels: ****
  • Removed labels: ****

GoogleCodeExporter commented Mar 24, 2015 

Added the following to security-onion-upgrade.sh:


sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120412" ]; then
        NEW="20120418"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        for FILE in securityonion-tcpflow_20120418-1_i386.deb securityonion-tcpflow-no-tags_20120418_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
                if [ $? -eq 1 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> $LOG
        if [ $? -eq 1 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi


    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo 
fi

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:37

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

Tested by:
Sunil Gupta
Heine Lysemose
Tom De Vries

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 1:49

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****

GoogleCodeExporter commented Mar 24, 2015 

Tested by:
Sunil Gupta
Heine Lysemose
Tom De Vries

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 1:49

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015 

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120418-now-available.
html

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 1:49

  • Added labels: ****
  • Removed labels: ****

GoogleCodeExporter commented Mar 24, 2015 

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120418-now-available.
html

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 1:49

  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment