-----BEGIN PGP SIGNED MESSAGE-----
I'm trying to run the botnets plugin, but getting the following error
and the alerts are never triggered.
Jul 12 17:15:15 XXXXXX nfsen: Error reading statinfo of
'botnets': No flow file for requested time slot
such a file is supposed to be
/path/to/nfsen/profiles-data/~botnets/botnets/nfcapd.TIMESTAMP, but it
does not exist.
I'm not a nfsen specialist but I was looking at the code (NfAlert.pm) to
try to identify the problem and I could see that the alert plugin
condition is only called if the "statinfo" exists. My question is:
should the botnet plugin create this "statinfo"? Where can debug the
creation of this file in the botnet plugin? (I couldn't see any
reference to this file on the plugin)
Thank you very much for any help. If you need more information, please
let me know.
Kind Regards, Italo.
Italo Valcy :: http://wiki.dcc.ufba.br/~ItaloValcy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----