Snort output auto-generated file names - snort

I'm using snort's configuration:
output alert_csv: alert.csv timestamp,sig_id,dst
But every time Snort finishes, I can see a file named:
alert.csv
instead of having a timestamp after the name:
alert.csv.<timestamp>
as the other snort logs do...
Hope to find a solution, thanks.

Related

Problems with non-"UTF-8" file collection using flume - Spooldir type

My flume spool directory contains non-"UTF-8" files.
So I get a java.nio.charset.MalformedInputException error when I try to collect them.
Changing the encoding option of a .conf file will also cause an error.
And I have to use the spooldir type.
How can I collect non-"UTF-8" files?
The encoding of our log files was Latin5 (which is Turkish).
Fixed it by adding the line below to the conf file:
AGENTNAME.sources.SOURCENAME.inputCharset = ISO-8859-9
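The failure in the question is Flume's spooldir source decoding the file strictly with its inputCharset (UTF-8 unless configured). The following added example, which is not code from the post, the answer, or Apache Flume, reproduces that strict decode offline so a batch of files can be checked before ingestion, and reports whether the fallback charset from the answer (ISO-8859-9, Latin-5) decodes each file. The sample files it creates are constructed.

```python
"""Charset pre-check for files dropped into a Flume spooldir directory.

Added example; not code from the original post, the answer, or Apache Flume.
Flume's spooldir source decodes each file with its inputCharset (UTF-8 unless
configured) and raises MalformedInputException on bytes invalid in that
charset.  These functions reproduce the strict decode offline and report
whether the fallback from the answer, ISO-8859-9, decodes the file.
"""
from pathlib import Path
import tempfile

DEFAULT_CHARSET = "utf-8"        # Flume's default inputCharset
FALLBACK_CHARSET = "iso-8859-9"  # the inputCharset value used in the answer


def decodes_cleanly(data: bytes, charset: str) -> bool:
    """Strict decode, equivalent to a Java CharsetDecoder set to REPORT."""
    try:
        data.decode(charset, errors="strict")
    except UnicodeDecodeError:
        return False
    return True


def classify(data: bytes) -> str:
    """Name the charset a spooldir source would need for this content.

    Single-byte charsets such as ISO-8859-9 assign a character to every byte
    value, so a clean decode only proves the bytes are acceptable to Flume,
    not that the text is meaningful; that is why UTF-8 is tried first.
    """
    if decodes_cleanly(data, DEFAULT_CHARSET):
        return DEFAULT_CHARSET
    if decodes_cleanly(data, FALLBACK_CHARSET):
        return FALLBACK_CHARSET
    return "unknown"


def scan_spooldir(directory: Path) -> dict:
    """Map every regular file in the directory to the charset it decodes under."""
    return {p.name: classify(p.read_bytes())
            for p in sorted(directory.iterdir()) if p.is_file()}


def build_sample_dir() -> Path:
    """Create a temporary directory with constructed sample files.

    ascii.log is plain ASCII (valid in both charsets); turkish.log holds the
    word 'Istanbul' with a dotted capital I, which is byte 0xDD in ISO-8859-9
    and is not a valid UTF-8 sequence when followed by 's'.
    """
    directory = Path(tempfile.mkdtemp(prefix="spooldir-"))
    (directory / "ascii.log").write_bytes(b"plain ascii line\n")
    (directory / "turkish.log").write_bytes(b"\xddstanbul\n")
    return directory


if __name__ == "__main__":
    for name, charset in scan_spooldir(build_sample_dir()).items():
        print(f"{name}: {charset}")
```

Running the script lists each sample file with the charset it decodes under; files reported as iso-8859-9 are the ones that would raise MalformedInputException under the default inputCharset.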

ldapmodify: Invalid parameter ... specified for changetype modify

I'm using a script that is supposed to add an attribute to an LDAP record. It used to work, then we moved the LDAP server from Solaris Unix to Linux.
Now the script doesn't work and throws an error.
The LDIF file looks like this:
dn:cn=template-uid,ou=Groups,o=mycompany.com,o=Company
changetype:modify
mgrpRFC822MailMember:new#gmail.com
ldapmodify gets called like this:
ldapmodify -h ldap.mycompany.com -D "cn=LDAPuser" -w *pswd* -v -p 636 -f updateUser.ldif
This is the error that gets thrown:
ldapmodify: Invalid parameter "mgrpRFC822MailMember" specified for changetype modify
If I log into LDAP using an LDAP browser with the same user, I can manually add the attribute without any problem. I just can't do it from the command line.
Any ideas?
Thanks
Assuming it should add a value to mgrpRFC822MailMember, it should be:
dn: cn=template-uid,ou=Groups,o=mycompany.com,o=Company
changetype: modify
add: mgrpRFC822MailMember
mgrpRFC822MailMember: new#gmail.com
A changetype of modify needs an action defined, which would be one of: add, delete, replace. That is then followed by the attribute name to take the action on. I'm surprised it worked at all in the previous form.
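The structure the answer describes can be generated and checked mechanically. The following added example (not code from the question, the answer, or ldapmodify) builds a modify record from a list of changes and validates a record the same way ldapmodify does, rejecting an attribute line where an add/delete/replace action line is expected. It terminates each change block with a line holding a single "-" as RFC 2849 specifies; ldapmodify also accepts a record whose final block omits it, which is why the answer's example works without one. The dn and attribute values are the ones from the thread.

```python
"""Build and validate LDIF 'changetype: modify' records.

Added example; not code from the question, the answer, or ldapmodify.  A
modify record is a dn: line, 'changetype: modify', then one block per
change: an action line (add:, delete: or replace: naming the attribute),
that attribute's values, and a '-' separator line (RFC 2849).
"""
ACTIONS = ("add", "delete", "replace")

# The record from the question, reproduced for the demonstration below.
QUESTION_LDIF = (
    "dn:cn=template-uid,ou=Groups,o=mycompany.com,o=Company\n"
    "changetype:modify\n"
    "mgrpRFC822MailMember:new#gmail.com\n"
)


def build_modify(dn, changes):
    """changes: iterable of (action, attribute, values) -> LDIF record text."""
    out = [f"dn: {dn}", "changetype: modify"]
    for action, attr, values in changes:
        if action not in ACTIONS:
            raise ValueError(f"unknown modify action {action!r}")
        out.append(f"{action}: {attr}")
        out.extend(f"{attr}: {value}" for value in values)
        out.append("-")
    return "\n".join(out) + "\n"


def validate_modify(ldif_text):
    """Return a list of problems; an empty list means the record is well formed."""
    lines = [line.rstrip() for line in ldif_text.splitlines() if line.strip()]
    if not lines or not lines[0].startswith("dn:"):
        return ["record must start with a dn: line"]
    if len(lines) < 2 or lines[1].replace(" ", "") != "changetype:modify":
        return ["second line must be 'changetype: modify'"]
    problems = []
    expect_action = True   # True at the start of each change block
    current_attr = None
    for line in lines[2:]:
        if line == "-":
            expect_action = True
            continue
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if expect_action:
            if name in ACTIONS:
                current_attr = value
            else:
                # Same situation as the question: an attribute line where
                # ldapmodify expects add, delete or replace.
                problems.append(
                    f"invalid parameter {name!r}: expected add, delete or "
                    "replace before the attribute")
                current_attr = name
            expect_action = False
        elif name != current_attr:
            problems.append(
                f"value line for {name!r} inside the block for {current_attr!r}")
    return problems


if __name__ == "__main__":
    print("question record:", validate_modify(QUESTION_LDIF))
    fixed = build_modify("cn=template-uid,ou=Groups,o=mycompany.com,o=Company",
                         [("add", "mgrpRFC822MailMember", ["new#gmail.com"])])
    print(fixed)
    print("fixed record:", validate_modify(fixed))
```

The validator reports the question's record with the same complaint ldapmodify raised, and reports nothing for the record build_modify emits; a delete block may carry no values, which the builder and validator both allow.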

MongoDB - eclipse

I need to create a server-side app that saves information to a mongoDB,
I'm working with java-eclipse-IDE and I have some problems with that.
First,
I downloaded the mongo-2.7.2.jar and added it to the path (project -> properties -> java build path -> add jar -> (adding the mongo-2.7.2.jar file)).
When I press "Run" without writing any other line except the empty class & main function,
the console writes me this:
CLI (1) [java application] path date
Usage : [--bucket bucketname] action
where action is one of:
list : lists all files in the store
put filename : puts the file filename into the store
get filename1 filename2 : gets filename1 from store and sends to filename2
md5 filename : does an md5 hash on a file in the db (for testing)
I tried to put a System.out.print("indications") in the main function but the console shows me the same output...
Another interesting fact is that when I'm writing code using a mongo DB, the compiler accepts the code and doesn't throw errors (it seems to accept the mongo-2.7.2.jar).
Second,
I thought maybe I need to install a mongoDB plugin for eclipse, should I?
Third,
I saw that maven integrates a mongoDB service, is it right that I should download maven for eclipse to handle mongoDB?
I need help as soon as possible....
Thanks.
Sounds like it's trying to do something with GridFS but is missing a bucket name... are you using GridFS?

How to create NTEventlogAppender.dll as required for logging event in the eventlog using log4cplus

First, let me thank you for the log4cplus source code.
I am facing one issue as follows:
What am I trying to do?
I want to log the messages to the event log on Windows.
What did I do?
I could get the event logging enabled by including the following .h
#include <log4cplus/nteventlogappender.h>
And creating the appender as follows:
SharedAppenderPtr append_3(new NTEventLogAppender(LOG4CPLUS_TEXT("127.0.0.1"), LOG4CPLUS_TEXT("log"), LOG4CPLUS_TEXT("source")));
append_3->setName(LOG4CPLUS_TEXT("ToEventlog"));
Logger to_eventlog = Logger::getInstance(LOG4CPLUS_TEXT("to_eventlog"));
to_eventlog.addAppender(append_3);
to_eventlog.setLogLevel(log4cplus::ALL_LOG_LEVEL);
And logging as
Logger to_eventlog = Logger::getInstance(LOG4CPLUS_TEXT("to_eventlog"));
LOG4CPLUS_FATAL(to_eventlog, LOG4CPLUS_TEXT("Test Message."));
When I log the message, I get following in the event log:
The description for Event ID 4096 from source source cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Test Message.
The message resource is present but the message is not found in the string/message table.
I tried to create a dll with the name NTEventLogAppender.dll with a string table resource and a string with id 4096 (as hardcoded in the nteventlogappender.cxx file in log4cplus) and compiled it as a resource-only dll (/NOENTRY), but I still keep getting the above error.
I already tried asking on log4cplus-devel#lists.sourceforge.net but did not get any answer yet.
Any help on how to create this dll would be greatly appreciated.
Thanks.
This is how I resolved this issue:
Compiled the NTEventLogAppender.mc file using these commands:
mc -U NTEventLogAppender.mc
rc -r NTEventLogAppender.rc
link -dll -noentry -out:NTEventLogAppender.dll NTEventLogAppender.res
where NTEventLogAppender.mc has following contents
MessageIdTypedef=DWORD
SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS
Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
Warning=0x2:STATUS_SEVERITY_WARNING
Error=0x3:STATUS_SEVERITY_ERROR
)
FacilityNames=(System=0x0:FACILITY_SYSTEM
Runtime=0x2:FACILITY_RUNTIME
Stubs=0x3:FACILITY_STUBS
Io=0x4:FACILITY_IO_ERROR_CODE
)
LanguageNames=(English=0x409:MSG00409)
; // The following are message definitions.
MessageId=0x1000
SymbolicName=SVC_TEST
Language=English
A message for something.
.
; // A message file must end with a period on its own line
; // followed by a blank line.
Copied the NTEventLogAppender.dll to c:\windows\system32
and ran the above mentioned test program and found that the event log found the message resource correctly.
You need to register this dll by copying the following into a .reg file and running it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\log\source]
"EventMessageFile"="C:\\windows\\system32\\NTEventLogAppender.dll"
"CategoryMessageFile"="C:\\windows\\system32\\NTEventLogAppender.dll"
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000005
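Two details decide whether the Event Viewer can render the description: the message table must define ID 4096 (0x1000), which log4cplus hard-codes, and the EventMessageFile value under eventlog\<log>\<source> must name the DLL. The following added example (not part of the answer or of log4cplus) parses the .mc source and the .reg file shown above, both embedded as constants copied from the answer, and checks those two facts before the DLL is deployed. The .mc parser handles only explicit MessageId=<number> lines, not the blank form that lets mc.exe auto-increment.

```python
"""Sanity-check the NTEventLogAppender message DLL setup from the answer.

Added example; not part of the original answer or of log4cplus.  Parses the
.mc message source and the .reg file (embedded below, copied from the answer)
and checks that event ID 4096 is defined and the registry points at the DLL.
"""
import re

LOG4CPLUS_EVENT_ID = 0x1000  # 4096, hard-coded in log4cplus' appender
# EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE
TYPES_SUPPORTED = 1 | 2 | 4

MC_SOURCE = """\
MessageIdTypedef=DWORD
SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS
Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
Warning=0x2:STATUS_SEVERITY_WARNING
Error=0x3:STATUS_SEVERITY_ERROR
)
FacilityNames=(System=0x0:FACILITY_SYSTEM
Runtime=0x2:FACILITY_RUNTIME
Stubs=0x3:FACILITY_STUBS
Io=0x4:FACILITY_IO_ERROR_CODE
)
LanguageNames=(English=0x409:MSG00409)
; // The following are message definitions.
MessageId=0x1000
SymbolicName=SVC_TEST
Language=English
A message for something.
.
"""

REG_FILE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\log\source]
"EventMessageFile"="C:\\windows\\system32\\NTEventLogAppender.dll"
"CategoryMessageFile"="C:\\windows\\system32\\NTEventLogAppender.dll"
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000005
"""


def parse_mc(text):
    """Return {message_id: message_text} for explicit MessageId= entries."""
    messages, current_id, body = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if body is not None:                 # inside a message body
            if line == ".":                  # lone period ends the message
                messages[current_id] = "\n".join(body)
                body, current_id = None, None
            else:
                body.append(raw.rstrip())
            continue
        if line.startswith(";"):             # comment line
            continue
        m = re.match(r"MessageId\s*=\s*(0x[0-9A-Fa-f]+|\d+)", line)
        if m:
            current_id = int(m.group(1), 0)
        elif line.lower().startswith("language=") and current_id is not None:
            body = []                        # message text starts next line
    return messages


def parse_reg(text):
    """Return {key_path: {name: value}} for a 'Registry Editor 5.00' export."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[key] = {}
        elif key and line.startswith('"'):
            name, _, value = line.partition("=")
            name = name.strip('"')
            if value.startswith("dword:"):
                entries[key][name] = int(value[len("dword:"):], 16)
            else:                            # .reg doubles backslashes in strings
                entries[key][name] = value.strip('"').replace("\\\\", "\\")
    return entries


def check_setup(mc_text, reg_text, log_name, source_name):
    """Return a list of problems; empty means the DLL setup should resolve."""
    problems = []
    if LOG4CPLUS_EVENT_ID not in parse_mc(mc_text):
        problems.append("message source lacks MessageId=0x1000 (event ID 4096)")
    key = "\\".join(["HKEY_LOCAL_MACHINE", "SYSTEM", "CurrentControlSet",
                     "services", "eventlog", log_name, source_name])
    values = parse_reg(reg_text).get(key)
    if values is None:
        problems.append(f"no registry key for source {source_name!r} under log {log_name!r}")
        return problems
    if not values.get("EventMessageFile", "").lower().endswith("nteventlogappender.dll"):
        problems.append("EventMessageFile does not point at NTEventLogAppender.dll")
    if values.get("TypesSupported") != TYPES_SUPPORTED:
        problems.append("TypesSupported should be 7 (error|warning|information)")
    return problems
```

The log and source names passed to check_setup must match the two strings handed to the NTEventLogAppender constructor ("log" and "source" in the question), since that is where the appender registers the event source and where the Event Viewer looks for EventMessageFile.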

Algebra filter error in moodle

I installed moodle 1.9.12 and now I want to use Algebra notation in content. I enabled "TeX Notation" and "Algebra Notation" in the administrator panel and also installed mimetex, dvips and ImageMagick on the server. Fortunately TeX Notation works fine, but I get the following error for Algebra:
sh: /var/www/html/moodle/filter/tex/mimetex.linux: not found
The shell command
"/var/www/html/moodle/filter/tex/mimetex.linux" -e "/var/www/moodledata/filter/algebra/de06d6c44d98ba4e42dffca988bf530b.gif" -- '\Large \frac{\sin\left(z\right)}{x^{2}+y^{2}}'
returned status = 127
File size of mimetex executable /var/www/html/moodle/filter/tex/mimetex.linux is 830675
The file permissions are: 100775
The md5 checksum of the file is 56bcc40de905ce92ebd7b083c76e019e
Image not found!
Note: /var/www/html/moodle/filter/tex/mimetex.linux exists on the server and is executable!
What is the problem? Any idea?
From what you have described, calling the general tex filter debug page works and does not show the same error.
/filter/tex/texdebug.php works, but /filter/algebra/algebradebug.php does not.
If this is the case, perhaps you could check for open_basedir or safe_mode_exec_dir being set to include the current working directory, or otherwise restricting the execution of /var/www/html/moodle/filter/tex/mimetex.linux while the current working directory is /var/www/html/moodle/filter/algebra.
You could look at this by visiting /admin/phpinfo.php at your site, and look carefully at the effective values of open_basedir, safe_mode and safe_mode_exec_dir.
You could also check the apache error log, or add the following lines to the top of the algebra debug php file, and you might see some extra error messages:
$CFG->debug = 6143;
$CFG->debugdisplay = 1;
Hope that helps