Re: [Nfsen-plugins-discuss] Botnets 0.3 and Events 0.3 .. How do I test them?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Running with debug flags turned on in nfsend I see the following errors from the Events.pm

Use of uninitialized value in concatenation (.) or string at /usr/local/nfsen/plugins/Events.pm line 182, <STDIN> line 5.
Use of uninitialized value in concatenation (.) or string at /usr/local/nfsen/plugins/Events.pm line 182, <STDIN> line 5.
Use of uninitialized value in numeric eq (==) at /usr/local/nfsen/plugins/Events.pm line 195, <STDIN> line 5.
Use of uninitialized value in string gt at /usr/local/nfsen/plugins/Events.pm line 539, <STDIN> line 5.
Use of uninitialized value in string eq at /usr/local/nfsen/plugins/Events.pm line 555, <STDIN> line 5.
Use of uninitialized value in string eq at /usr/local/nfsen/plugins/Events.pm line 555, <STDIN> line 5.
Use of uninitialized value in string eq at /usr/local/nfsen/plugins/Events.pm line 555, <STDIN> line 5.
Use of uninitialized value in string eq at /usr/local/nfsen/plugins/Events.pm line 555, <STDIN> line 5.
Use of uninitialized value in string eq at /usr/local/nfsen/plugins/Events.pm line 555, <STDIN> line 5.
Use of uninitialized value in numeric eq (==) at /usr/local/nfsen/plugins/Events.pm line 195, <STDIN> line 5.

From: Donnelly, Michael (OFT)
Sent: Thursday, July 30, 2009 1:34 PM
To: Donnelly, Michael (OFT); nfs...@li...
Subject: RE: [Nfsen-plugins-discuss] Botnets 0.3 and Events 0.3 .. How do I test them?

Still looking to test this .. Shouldn't outbound traffic towards a host listed in the botnets filter
 trigger the plugin  and an attempt to update the database?

Im my case I walk the botnet list and feed the addresses into wget.
  That doesnt trigger an alert.

A little guidance would be very welcome.

From: Donnelly, Michael (OFT) [mailto:Mic...@ci...]
Sent: Tuesday, July 07, 2009 12:09 PM
To: nfs...@li...
Subject: [Nfsen-plugins-discuss] Botnets 0.3 and Events 0.3 .. How do I test them?

I've installed the Botnets and Events plugins as per the documentation ..
 I have the  definition files  downloading via cron.. Now how do I go about
 testing the botnets plugins? The events DB events table is empty at the
 moment..

I have

Thanks .. MikeD

________________________________
This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.