| Author |
Message |
|
kristik
Joined: Fri Mar 20, 2009 2:01 pm Posts: 10
|
 Problems with 1.0.5 on CentOS
Hi all... I have installed BotHunter 1.0.5 multiple times on the same CentOS system that used to successfully run 1.0.4. I am downloading the zipped tar archive and following the install directions in the Unix user guide. I am connected to the CentOS system via a VNC session to my desktop. The install went fine and the GUI starts but no data ever arrives. The botHunterResults files are empty. The log files under CTA_BotHunter have no obvious error messages. The status says "No input data received."
Should I scrub the install again and try the liveCD rather than the tar archive? I have found this program to be highly useful in the past and would love to get it running again with the new features.
Thanks...Kristi
|
| Mon Feb 08, 2010 10:50 pm |
|
 |
|
kristik
Joined: Fri Mar 20, 2009 2:01 pm Posts: 10
|
 Re: Problems with 1.0.5 on CentOS
The test page from http://www.bothunter.net/bothunter/testpage-1.X.html never shows up in the log files. This means the install is not good. Does this version of BotHunter work on 1GB networks? Is CentOS 5.4 supported? Is 4GB RAM enough? Thanks...Kristik
|
| Tue Feb 09, 2010 6:53 pm |
|
 |
|
mwfong
Joined: Mon Dec 15, 2008 9:00 pm Posts: 228
|
 Re: Problems with 1.0.5 on CentOS
Are you installing the 1.0.5 beta or the current 1.5.0 release? If you're installing the former, I strongly recommend your obtaining and installing the latter. The most recent 1.5.0 release fixes problems with low volume alerts not being sent to the BotHunter correlator (see http://forum.bothunter.net/viewtopic.php?f=3&t=736).
|
| Wed Feb 10, 2010 1:04 am |
|
 |
|
kristik
Joined: Fri Mar 20, 2009 2:01 pm Posts: 10
|
 Re: Problems with 1.0.5 on CentOS
I installed BotHunter.Unix.1.5.0.96DB53A2F0E4.tar, downloaded on Feb 8.
|
| Wed Feb 10, 2010 2:04 pm |
|
 |
|
mwfong
Joined: Mon Dec 15, 2008 9:00 pm Posts: 228
|
 Re: Problems with 1.0.5 on CentOS
I suggest two approaches to diagnose your system:
1. Configure BotHunter to save the snort alerts to a file (I use the name "SnortAlerts_%dt.txt").
2. In a shell, run runsnort.csh.
In both cases, visit the BotHunter test page and terminate the processes. Please tell me whether (1) created a non-empty .txt file and (2) produced a snort alert.
|
| Thu Feb 11, 2010 11:31 pm |
|
 |
|
kristik
Joined: Fri Mar 20, 2009 2:01 pm Posts: 10
|
 Re: Problems with 1.0.5 on CentOS
Sorry for the delay. I found a very old install of BotHunter so blew everything away and started over with a fresh install. No matter what I do, the .txt file has no entries. The snort-alert log gets an entry for the test rule after I exit snort.
...Kristik
|
| Wed Feb 17, 2010 10:02 pm |
|
 |
|
mwfong
Joined: Mon Dec 15, 2008 9:00 pm Posts: 228
|
 Re: Problems with 1.0.5 on CentOS
I just checked the distribution on the web site and discovered that it doesn't have the buffer flush fix. I've therefore replaced it and suggest that you refresh your copy.
|
| Fri Feb 19, 2010 11:54 pm |
|
 |
|
kristik
Joined: Fri Mar 20, 2009 2:01 pm Posts: 10
|
 Re: Problems with 1.0.5 on CentOS
Amazing! The test page now creates a visible entry. Glad this install is finally finished! Thanks for the assist. ...Kristi
|
| Mon Feb 22, 2010 9:32 pm |
|
|