Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 2390 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error after IPS up2date from 1.feb

TOHIL
i have this error, after the newest update of intrusion protection system:

2006:02:02-20:01:55 (none) selfmonng[626]: triggerAction: 'cmd'
2006:02:02-20:01:55 (none) selfmonng[626]: actionCmd(+): '/var/mdw/scripts/snort restart'
2006:02:02-20:01:57 (none) selfmonng[626]: child returned status: exit='0' signal='0'
2006:02:02-20:02:13 (none) selfmonng[626]: check Failed increment snort_inline_running counter 1 - 3
2006:02:02-20:02:18 (none) selfmonng[626]: check Failed increment snort_inline_running counter 2 - 3
2006:02:02-20:02:23 (none) selfmonng[626]: check Failed increment snort_inline_running counter 3 - 3
2006:02:02-20:02:23 (none) selfmonng[626]: DEBUG: NOTIFYEVENT Name=snort_inline_running Level=INFO Id=115 suppressed
2006:02:02-20:02:23 (none) selfmonng[626]: triggerAction: 'cmd'
2006:02:02-20:02:23 (none) selfmonng[626]: actionCmd(+): '/var/mdw/scripts/snort restart'
2006:02:02-20:02:25 (none) selfmonng[626]: child returned status: exit='0' signal='0'
2006:02:02-20:02:35 (none) selfmonng[626]: check Failed increment snort_inline_running counter 1 - 3
2006:02:02-20:02:40 (none) selfmonng[626]: check Failed increment snort_inline_running counter 2 - 3
2006:02:02-20:02:46 (none) selfmonng[626]: check Failed increment snort_inline_running counter 3 - 3
2006:02:02-20:02:46 (none) selfmonng[626]: DEBUG: NOTIFYEVENT Name=snort_inline_running Level=INFO Id=115 suppressed
2006:02:02-20:02:46 (none) selfmonng[626]: triggerAction: 'cmd'
2006:02:02-20:02:46 (none) selfmonng[626]: actionCmd(+): '/var/mdw/scripts/snort restart'
2006:02:02-20:02:48 (none) selfmonng[626]: child returned status: exit='0' signal='0'


This thread was automatically locked due to age.
  • 0 in reply to TOHIL
    ok, the up2date from 3. feb fixed the prob

    Intrusion Protection Ruleset Update
    -----------------------------------
    This file contains the changes in the latest ruleset.

    General information
    -------------------
    -

    New rules
    ---------
    -

    Updated rules
    -------------
        5318 - WEB-CLIENT wmf file SetAbortProc arbitrary code execution attempt (web-client.rules)

    Deleted rules
    -------------
    -