New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CapMe should check for active pcap_agent #475

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

Comments

Projects
None yet
1 participant
@GoogleCodeExporter
CapMe should check for active pcap_agent

Original issue reported on code.google.com by doug.bu...@gmail.com on 3 Feb 2014 at 1:56

@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015

[deleted comment]
[deleted comment]
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015

--- securityonion-capme-20121213.orig/capme/.inc/callback.php
+++ securityonion-capme-20121213/capme/.inc/callback.php
@@ -129,6 +129,10 @@ if (!$response) {
     $err = 1;
     $debug = $queries[$sidsrc];
     $errMsg = "Failed to find a matching sid, please try again in a few seconds";
+    $response = mysql_query("select * from sensor where agent_type='pcap' and 
active='Y';");
+    if (mysql_num_rows($response) == 0) {
+    $errMsg = "Error: No pcap_agent found";
+    }
 } else {
     $row = mysql_fetch_assoc($response);
     // If using ELSA, we already set $st and $sensor above so don't overwrite that here

Original comment by doug.bu...@gmail.com on 17 Feb 2014 at 1:56

  • Added labels: ****
  • Removed labels: ****
--- securityonion-capme-20121213.orig/capme/.inc/callback.php
+++ securityonion-capme-20121213/capme/.inc/callback.php
@@ -129,6 +129,10 @@ if (!$response) {
     $err = 1;
     $debug = $queries[$sidsrc];
     $errMsg = "Failed to find a matching sid, please try again in a few seconds";
+    $response = mysql_query("select * from sensor where agent_type='pcap' and 
active='Y';");
+    if (mysql_num_rows($response) == 0) {
+    $errMsg = "Error: No pcap_agent found";
+    }
 } else {
     $row = mysql_fetch_assoc($response);
     // If using ELSA, we already set $st and $sensor above so don't overwrite that here

Original comment by doug.bu...@gmail.com on 17 Feb 2014 at 1:56

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015

Published:
http://blog.securityonion.net/2014/02/new-securityonion-capme-package-checks.htm
l

Original comment by doug.bu...@gmail.com on 20 Feb 2014 at 1:46

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Published:
http://blog.securityonion.net/2014/02/new-securityonion-capme-package-checks.htm
l

Original comment by doug.bu...@gmail.com on 20 Feb 2014 at 1:46

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment