Re: [Sguil-users] Autocat doesn't appear to be functioning
From: Doug B. <dou...@gm...> - 2014-01-03 19:13:05
Hi James,

I seem to remember an issue previously of Sguild expecting config files to be in /etc/sguild/. Have you tried making /etc/sguild/ a symlink to /opt/etc/snort/sguild/?

On Fri, Jan 3, 2014 at 2:06 PM, Lay, James <jam...@wi...> wrote:
> Hey all…topic says it. So I have my sguild starting with:
>
> -a /opt/etc/snort/sguild/autocat.conf
>
> That file contains:
>
> none||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%CINS||16
>
> From my .fast file:
>
> 12:00:32 [1:2403332:645] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 125.64.92.105:6000 -> x.x.x.x:1433
>
> Yet the sguil client shows this alert. I also don’t see anything in the
> Auto Cats Standard Query. Any way to troubleshoot why it’s not seeing
> these? Thank you.
>
> James

--
Doug Burks
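An offline sanity check of the autocat rule quoted in this thread against the quoted alert, added here as an example; it is not Sguil's code and not from either poster. It assumes the nine-field `||` layout described in the comments of Sguil's sample autocat.conf and approximates the `%%REGEXP%%` match with Python's `re.search`; all function names are hypothetical.

```python
import re

# Constructed from the rule and the alert quoted in the thread above.
RULE = "none||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%CINS||16"
ALERT = ("12:00:32 [1:2403332:645] ET CINS Active Threat Intelligence Poor "
         "Reputation IP TCP group 17 [**] [Classification: Misc Attack] "
         "[Priority: 2] {TCP} 125.64.92.105:6000 -> x.x.x.x:1433")

# Assumed field order, taken from the comments in Sguil's sample autocat.conf.
FIELDS = ("erase_time", "sensor", "src_ip", "src_port", "dst_ip",
          "dst_port", "proto", "sig_msg", "category")
REGEXP_TAG = "%%REGEXP%%"
FAST_RE = re.compile(
    r"\[\d+:\d+:\d+\]\s+(?P<sig_msg>.*?)\s+\[\*\*\].*"
    r"\{(?P<proto>\w+)\}\s+(?P<src_ip>[^\s:]+):(?P<src_port>\d+)"
    r"\s+->\s+(?P<dst_ip>[^\s:]+):(?P<dst_port>\d+)")

def parse_rule(line):
    """Split one autocat line; reject a wrong field count or non-numeric status."""
    parts = line.strip().split("||")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rule = dict(zip(FIELDS, parts))
    if not rule["category"].isdigit():
        raise ValueError(f"category is not numeric: {rule['category']!r}")
    return rule

def parse_fast(line):
    """Pull the message, protocol and endpoints out of a fast-format alert line."""
    m = FAST_RE.search(line)
    if m is None:
        raise ValueError("not a recognisable fast alert line")
    return m.groupdict()

def mismatches(rule, event):
    """Return the rule fields that fail to match the event (empty list = match)."""
    bad = [f for f in ("sensor", "src_ip", "src_port", "dst_ip", "dst_port", "proto")
           # Literal comparison only; fields the event lacks (sensor) are skipped.
           if rule[f] != "ANY" and f in event and rule[f] != event[f]]
    want = rule["sig_msg"]
    if want.startswith(REGEXP_TAG):
        # Unanchored search, standing in for sguild's Tcl regexp (an assumption).
        if not re.search(want[len(REGEXP_TAG):], event["sig_msg"]):
            bad.append("sig_msg")
    elif want not in ("ANY", event["sig_msg"]):
        bad.append("sig_msg")
    return bad

if __name__ == "__main__":
    print(mismatches(parse_rule(RULE), parse_fast(ALERT)) or "rule matches alert")
```

An empty result means the rule text itself matches the alert, so the next thing to check is whether sguild read the file at the path it was given.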