This repository has been archived by the owner. It is now read-only.

Disabling PADS agent blocks PRADS and results in no SANCP records flowing #454

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 2 comments

Comments


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

https://groups.google.com/d/topic/security-onion/k5KfS_0lIkU/discussion

Original issue reported on code.google.com by doug.bu...@gmail.com on 21 Dec 2013 at 11:12


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Updated nsm_sensor_ps-start as follows:
-        [ "$PRADS_ENABLED" == "yes" ] && [ -z "$SKIP_PRADS" ] && process_start 
"prads" "-i $SENSOR_INTERFACE_SHORT -c /etc/nsm/$SENSOR/prads.conf -u 
$SENSOR_USER -g $SENSOR_GROUP -L /nsm/sensor_data/$SENSOR/sancp/ -f 
/nsm/sensor_data/$SENSOR/pads.fifo $PADS_OPTIONS -b \"$BPF\"" 
"$PROCESS_PID_DIR/$SENSOR/prads.pid" "$PROCESS_LOG_DIR/$SENSOR/prads.log" 
"prads (sessions/assets)"
+
+        [ "$PRADS_ENABLED" == "yes" ] && [ -z "$SKIP_PRADS" ] && [ 
"$PADS_AGENT_ENABLED" == "yes" ] && [ "$SANCP_AGENT_ENABLED" == "yes" ] && 
process_start "prads" "-i $SENSOR_INTERFACE_SHORT -c 
/etc/nsm/$SENSOR/prads.conf -u $SENSOR_USER -g $SENSOR_GROUP -L 
/nsm/sensor_data/$SENSOR/sancp/ -f /nsm/sensor_data/$SENSOR/pads.fifo 
$PADS_OPTIONS -b \"$BPF\"" "$PROCESS_PID_DIR/$SENSOR/prads.pid" 
"$PROCESS_LOG_DIR/$SENSOR/prads.log" "prads (sessions/assets)"
+        [ "$PRADS_ENABLED" == "yes" ] && [ -z "$SKIP_PRADS" ] && [ 
"$PADS_AGENT_ENABLED" == "no" ]  && [ "$SANCP_AGENT_ENABLED" == "yes" ] && 
process_start "prads" "-i $SENSOR_INTERFACE_SHORT -c 
/etc/nsm/$SENSOR/prads.conf -u $SENSOR_USER -g $SENSOR_GROUP -L 
/nsm/sensor_data/$SENSOR/sancp/ -b \"$BPF\"" 
"$PROCESS_PID_DIR/$SENSOR/prads.pid" "$PROCESS_LOG_DIR/$SENSOR/prads.log" 
"prads (sessions/assets)"
+        [ "$PRADS_ENABLED" == "yes" ] && [ -z "$SKIP_PRADS" ] && [ 
"$PADS_AGENT_ENABLED" == "yes" ] && [ "$SANCP_AGENT_ENABLED" == "no" ]  && 
process_start "prads" "-i $SENSOR_INTERFACE_SHORT -c 
/etc/nsm/$SENSOR/prads.conf -u $SENSOR_USER -g $SENSOR_GROUP -f 
/nsm/sensor_data/$SENSOR/pads.fifo $PADS_OPTIONS -b \"$BPF\"" 
"$PROCESS_PID_DIR/$SENSOR/prads.pid" "$PROCESS_LOG_DIR/$SENSOR/prads.log" 
"prads (sessions/assets)"
+        [ "$PRADS_ENABLED" == "yes" ] && [ -z "$SKIP_PRADS" ] && [ 
"$PADS_AGENT_ENABLED" == "no" ]  && [ "$SANCP_AGENT_ENABLED" == "no" ]  && 
echo_error_msg 1 "Warning: PRADS is enabled but will not start because both 
SANCP AGENT and PADS AGENT are disabled!"
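
Review bot: The four added conditions only match when PADS_AGENT_ENABLED and SANCP_AGENT_ENABLED are each exactly "yes" or "no"; any other value (unset, empty, "YES", a typo) matches none of them, so PRADS is not started and the "will not start" warning is not printed either. Treat anything other than "yes" as disabled, or add a final catch-all that reports the unexpected value, so a sensor cannot silently stop producing SANCP session records or PADS asset data. The three process_start calls also differ only in whether `-L /nsm/sensor_data/$SENSOR/sancp/` and `-f /nsm/sensor_data/$SENSOR/pads.fifo $PADS_OPTIONS` are present; building the option string once from the two flags and calling process_start a single time would make it harder for nsm_sensor_ps-start and nsm_sensor_ps-restart to drift apart.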

Also updated nsm_sensor_ps-restart similarly.

Original comment by doug.bu...@gmail.com on 27 Dec 2013 at 12:46



@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Published:
http://blog.securityonion.net/2013/12/new-nsm-and-setup-packages-available.html

Original comment by doug.bu...@gmail.com on 31 Dec 2013 at 12:06

  • Changed state: Verified
