[Oisf-users] trying to get file logging working on 2.0.4
Russell Fulton
r.fulton at auckland.ac.nz
Thu Dec 18 23:34:37 UTC 2014
On 15/12/2014, at 10:28 pm, Peter Manev <petermanev at gmail.com> wrote:
>
> Can you please try (if you haven't) -
> checksum-validation: no
> in the suricata.yaml.
Was set to no
>
> also i would try just that -
> alert http any any -> any any (msg:"FILE magic -- windows";
> filemagic:"executable"; filestore; sid:18; rev:1;)
> just to simplify and confirm that files are getting logged.
done.
>
> What is your starting line for Suricata - it might be a dir
> permissions issue if you are running with dropping privileges but the
> file dir is owned by root(or another user)?
sensors 32664 203 3.7 2673684 1849120 ? Ssl 12:00 1:50 /usr/bin/suricata -D -c /home/sensors/dmzo/conf/suricata.conf --af-packet --pid /home/sensors/dmzo/run/suricata.pid
sensors at secmonprd01:~$ ls -ld data/dmzo/files
drwxrwxr-x 2 sensors sensors 4096 Dec 19 12:05 data/dmzo/files
which seems kosher.
Removing the run_as: section so we don’t drop privs — still not seeing files being logged.
Russell
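The permissions question Peter raises above (Suricata dropping privileges to a user that cannot write the file-store directory) is easy to get wrong when the daemon is started as root. The following shell function is an added example, not something from this thread or from the Suricata project: given the run-as user and the file-store directory, it checks owner, group and mode bits and reports whether that user can actually create files there. It assumes GNU `stat -c` (Linux) and that the user exists locally so `id -Gn` can list its groups.

```shell
#!/bin/sh
# Added example (not from the thread or from Suricata): verify that the
# user Suricata drops privileges to can write into the file-store directory.
# Usage: check_filestore_dir <user> <dir>
# Returns 0 if <user> can write and traverse <dir>, 1 otherwise.
# Assumes GNU stat (-c) and a local account for <user>.
check_filestore_dir() {
    user="$1"
    dir="$2"
    if [ ! -d "$dir" ]; then
        echo "PROBLEM: $dir is not a directory" >&2
        return 1
    fi
    # root bypasses discretionary permission checks
    if [ "$user" = "root" ]; then
        echo "ok: root can write to $dir"
        return 0
    fi
    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")      # e.g. 775 or 2775 (setgid)
    # split the octal mode into owner / group / other digits
    o=$(( (mode / 100) % 10 ))
    g=$(( (mode / 10) % 10 ))
    w=$(( mode % 10 ))
    if [ "$owner" = "$user" ]; then
        bits=$o
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        bits=$g
    else
        bits=$w
    fi
    # creating a file needs write (2) and search/traverse (1) on the directory
    if [ $(( bits & 2 )) -ne 0 ] && [ $(( bits & 1 )) -ne 0 ]; then
        echo "ok: $user can write to $dir (owner=$owner group=$group mode=$mode)"
        return 0
    fi
    echo "PROBLEM: $user cannot write to $dir (owner=$owner group=$group mode=$mode)" >&2
    return 1
}

# Example invocation with the values from the thread (user and path as posted):
#   check_filestore_dir sensors /home/sensors/data/dmzo/files
```

Run it as the user named under `run-as` in suricata.yaml (or as root) with the directory configured for `file-store`; a PROBLEM line means files cannot be written even though rules match, which matches the symptom being discussed here.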