Re: [aanval] Digest for aanval@googlegroups.com - 3 Messages in 1 Topic


John Hally

Mar 14, 2013, 4:13:16 PM3/14/13
to aan...@googlegroups.com
Make sure that you have the sensors enabled under your user account.

From: "aan...@googlegroups.com" <aan...@googlegroups.com>
Reply-To: "aan...@googlegroups.com" <aan...@googlegroups.com>
Date: Thursday, March 14, 2013 4:09 PM
To: Digest Recipients <aan...@googlegroups.com>
Subject: [aanval] Digest for aan...@googlegroups.com - 3 Messages in 1 Topic

Group: http://groups.google.com/group/aanval/topics

    Florian Keclik <flori...@gmail.com> Mar 14 01:34AM -0700  

    I’m trying to get Aanval to display events from Snort and I believe I am
    almost there. Aanval sees the Sensor and things seem to work (see
    screenshots).
     
    <https://lh3.googleusercontent.com/-90N3FMosz5w/UUGKcAjB03I/AAAAAAAAIyU/O0zCwt9A2dI/s1600/pix1.jpg>
    It can display events from the Aanval console and both sensors are active.
    I have 2 active sensors, one from Aanval and one from Snort. I know the
    trial license only supports one sensor, but even when I turn off the Aanval
    sensor I can’t see the events from Snort.
     
    <https://lh4.googleusercontent.com/-s7JrglXBAXU/UUGKOt5kP8I/AAAAAAAAIyM/vw5m4XANuRk/s1600/Home.jpg>
    Barnyard is writing events in the db:
     
    <https://lh4.googleusercontent.com/-54E-ADlv4HU/UUGKBCriNfI/AAAAAAAAIyE/MG-DL6_kigY/s1600/by.png>
    The interesting thing is probably the error.log, which is full of lines
    like this:
     
    Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') ORDER BY mas.id
    DESC LIMIT 10' at line 1
     
    Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') GROUP BY created
    ORDER BY created' at line 1
     
    Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ')' at line 1
     
    Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') AND timestamp >=
    1363164669' at line 1
     
    Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') AND timestamp >=
    1363161669' at line 1
     
    Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') AND timestamp >=
    1363132800' at line 1
     
    Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') ORDER BY mas.id
    DESC LIMIT 15' at line 1
     
    Mar 13 09:06:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') ORDER BY mas.id
    DESC LIMIT 10' at line 1
     
    Mar 13 09:06:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') GROUP BY created
    ORDER BY created' at line 1
     
    Mar 13 09:06:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ')' at line 1
     
    Mar 13 09:06:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have
    an error in your SQL syntax; check the manual that corresponds to your
    MySQL server version for the right syntax to use near ') AND timestamp >=
    1363164969' at line 1
     
     
    To test the SQL statements I ran some select statements from the debug.log
    directly in mysql and they run just fine without a problem. I tried those
    that invoke the timestamp command, as the timestamp seems to be a problem
    according to the error.log.
     
    Can it be a versioning issue? I'm running Aanval SAS v7.1 (70142) and MySQL
    Ver 14.14 Dist 5.5.30 x86_64.
     
    Any help is greatly appreciated!
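    Added example, not from the thread or from Aanval: a small Python parser for the error.log lines quoted above that groups the MySQL syntax errors by the fragment MySQL reports, masking the changing epoch value so repeated queries collapse into one bucket. Every fragment quoted in the post begins with ')', which (an inference, not something the thread states) is consistent with an empty parenthesised list in the generated query rather than with the timestamp clause itself; the parser makes that pattern countable across a whole log. The sample lines are constructed from the ones quoted in the post, rejoined onto one line each as they would appear in the real file.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Aanval error.log lines quoted in the thread.
SAMPLE_LOG = """\
Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY mas.id DESC LIMIT 10' at line 1
Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') GROUP BY created ORDER BY created' at line 1
Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
Mar 13 09:01:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND timestamp >= 1363164669' at line 1
Mar 13 09:06:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY mas.id DESC LIMIT 10' at line 1
Mar 13 09:06:09 [ERROR] [10.50.5.12] [root : 1] MySQL Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND timestamp >= 1363164969' at line 1
"""

# Field layout assumed from the quoted lines: syslog-style timestamp, level,
# host, "[user : id]", then the MySQL error text ending in near '...' at line N.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] \[(?P<host>[^\]]+)\] "
    r"\[(?P<user>[^:]+) : (?P<uid>\d+)\] MySQL Query Error: .*? near '(?P<near>.*)' "
    r"at line (?P<lineno>\d+)$"
)

def parse_errors(text):
    """Return one dict per parseable 'MySQL Query Error' line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def normalise_fragment(near):
    """Mask the 10-digit epoch value so the same query shape counts as one bucket."""
    return re.sub(r"\b\d{10}\b", "<epoch>", near)

def summarize(rows):
    """Count error fragments, how many start with ')', and which runs produced them."""
    fragments = Counter(normalise_fragment(r["near"]) for r in rows)
    return {
        "total": len(rows),
        "starts_with_paren": sum(1 for r in rows if r["near"].startswith(")")),
        "fragments": fragments,
        "runs": sorted({r["ts"] for r in rows}),
    }

if __name__ == "__main__":
    s = summarize(parse_errors(SAMPLE_LOG))
    print(f"{s['starts_with_paren']}/{s['total']} errors begin with ')' across runs {s['runs']}")
    for frag, n in s["fragments"].most_common():
        print(f"{n:3d}  near '{frag}'")
```

Run it against the real file with `summarize(parse_errors(open('/path/to/error.log').read()))`; if the fragment buckets are all ')'-prefixed, the queries are being generated with nothing inside a parenthesised clause, which is the permission/sensor-selection symptom the replies point at rather than a MySQL version problem.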

     

    Eric Smith <superhe...@gmail.com> Mar 14 02:08AM -0700  

    The user permissions are enabled for the admin account, but there is a
    second account created; from the screenshot it looks like "New Account."
    Also from that screenshot it shows that that new user is logged in and the
    user permissions are not enabled. Check the box for those user permissions
    on that sensor and the events will be displayed.
     
    Sent from my iPhone
     

     

    Florian Keclik <flori...@gmail.com> Mar 14 02:33AM -0700  

    I already tried that. When I just had the root account Aanval didn't offer
    the user permission settings so I added the "New Account". This gave me the
    user permissions but enabling them doesn't show events either.
     
     
     
    On Thursday, March 14, 2013 10:08:09 AM UTC+1, SuperheroSmith wrote:

     

You received this message because you are subscribed to the Google Group aanval.
You can post via email.
To unsubscribe from this group, send an empty message.
For more options, visit this group.

--
You received this message because you are subscribed to the Google Groups "Aanval - Snort & Syslog SIEM (Correlation and Threat Management)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aanval+un...@googlegroups.com.
To post to this group, send email to aan...@googlegroups.com.
Visit this group at http://groups.google.com/group/aanval?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Florian Keclik

Mar 15, 2013, 3:26:02 AM3/15/13
to aan...@googlegroups.com
The sensor is enabled but no events are visible. It works when I use the Aanval sensor. I can see those events but with the snort sensor it doesn't.