Menu
▾
▴
Re: [Os-sim-devel] Ossim-server debug error
|
From: Alberto R. L. <al...@os...> - 2008-01-31 09:37:25
|
Hello, The ossim-server that is included in the ISO hasn't got the fix to solve th= at,=20 its not the last one available. In the next ossim iso release we will updat= e=20 it. And you're right, the buffer was a bit small to handle certain events. You can download it from CVS, and simply substitute the /usr/bin/ossim-serv= er=20 binary. Anyway, in the meantime, for those of you that has problems with CVS, I've = put=20 an ossim-server binary that fixes that issue (and others) in:=20 http://www.ossim.net/ar/ossim-server.bz2 Regards, Alberto. El Mi=E9rcoles, 30 de Enero de 2008 19:33, Jon Uriona escribi=F3: > Hi all, > > From time to time, snortunified events reset the socket between server > and sensor... Seems that the event sent is bigger than it should (more > than the reserved buffer??)... > > Here is the debug log: > > ****** > 2008-01-30 19:19:33 OSSIM-Debug: sim_session_read: Buffer: snort-event > sensor=3D"172.22.17.60" interface=3D"eth1" > gzipdata=3D"789cd556db6edb3810fd15c3ef0d28cef0a205fc2d812c525963b3b12bab2= df2f >77bce507612d71b14dda7adab581ccee5cc19ced0cbeba9eeb6a52e755c8ef3765386056be= f5 >cfee2ba2fe2365dff07fefbb8dd9c5f8ef3f2f87428bb6dd7f597f5d9d6d7edb97ec7f2b21= a9 >f87f3f9301dc661391c5f765b77d938cd87e37c585e775bd96e36a761fcab2e8f8b61399cb= 69 >bc3e9f17b9d775bb5d73fcbfc5c611d6cb51ccfe608af26edd4b7158178ed53b6d5719ace7= 52 >134c9cdcdb23cefb6b1bd9fe6e372c4ca16e3f9dbdfdc91d8dbfa3c8fb04bfec1fb07e91f7= 27 >358cef4d62ba4fa10e383079ccd3242fd848c9048e8029c53529a24bb8b46fd8a7d1f33684= dc >4472172864a08d16bccabe115b4cfabe9f43c3c9d1bc14df0e3f0528e3f404656d78c1a7cd= f6 >b5e3d7f9b9f4ecb6c2435afa7e5852af2b61e8fa55a9dd6b531e9aecbd3f0fa7c1cc0e77fb= 7c >81f2df2cf162ea6ba1fcaa06e98465ffdeae1ba1f9c4e4102caeca7d8c5118f44942769ecf= c9 >45cf23140d2c7c957c80592ec9de6a0f8c0463a5fc5b9e206a5a5c4000d95c13bd814784b3= 1c >073c22afaf1a3149e4acad1c71ed1204dee56230ec9217efac9d27dd88125562334885d893= 6d >6d5bfc48c95c47d4ad88bb02e31324fee7c6a1d638d8aace103360148915d1c7fdd061a13a= 20 >6b0 > 8937e8d4a49f59d30afa1338373d3ff8c90fe436b00a919ef818bb39293e4ea88328fc87b= 87 >d340df81bf04d240148ee5496ace00df998c6b5b6b795f4456959634aa1b16fd161639a42e= 4e >687b995a0a9675d4ca7c0626476c9b5b8881a2dbb023ed532ef640f4de0856e35994fbd60f= f7 >73e923066324601f088442f9d00a620a8f83b793122f1937fe46798531a88d7aaa4c6f9683= 88 >3550159935dd81a13cc99565a801f76d01dc9ad287b02f5cbe6bf58fe6ab501dbcc584b10e= d3 >578a0a32e6521190ee59941459c5676a504ec1b4be8d2d8de7cd5aa81bb2a3a060f2d76211= f1 >5112fdef7962f6b2c0de3e727e45e2d51f76075c704a5077806b7d219139c0be4001d69bc5= 5c >c87c2f315d96fe1ea6f8a7b445ccf0cb4bac601ea545a2e7165d2664c270594e3dbb091034= 30 >ad6e1c5b483cd00300d7bac911d4849ec30c6be48d773cdd34664164b2400bf0343d468738= db >106dbef21373cdae91e0f2a8ccb4e2d4b6f78ba569b0beef77ac4aa37795cb36b1938e00cd= 67 >bf0a0b848756a5e50d56b3d0326317d256913019ec113fb14b3a743e6cc21589f46ceb214b= 96 >60ce1744a5c49583baa757cb599c5988a1cad7e121561dea2e324069a111370f48a6dec748= a5 >b816f385205e74c90ab2a0061f0773a6295748fdba3070f28382ca9c1ccaa0e765ea780ae6= e9 >3d df8e844ad02ac4358 > 2008-01-30 19:19:33 OSSIM-Message: Received error. Inconsistent data > entry, closing socket. Received:2048 Buffer lenght: 2047: 0: Success > 2008-01-30 19:19:33 OSSIM-Message: Session Sensor : REMOVED > 2008-01-30 19:19:33 OSSIM-Message: Removed IP: 172.22.17.60 > 2008-01-30 19:19:33 OSSIM-Message: Session Removed > ****** > > Thanx, > > Jon > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Os-sim-devel mailing list > Os-...@li... > https://lists.sourceforge.net/lists/listinfo/os-sim-devel |
