Comments (7)
Can you show what is in syslog?
from nfr.
I tailed syslog and restarted the daemon. This is the output:
Feb 28 12:46:41 biuro namescore/listen[19980]: #033[32mINFO#033[0m[02-28|12:46:41] Stopped retrieving alerts.
Feb 28 12:46:41 biuro namescore/listen[19980]: #033[32mINFO#033[0m[02-28|12:46:41] Stopped sending queries.
Feb 28 12:46:41 biuro namescore/listen[19980]: #033[32mINFO#033[0m[02-28|12:46:41] Stopped sending queries.
Feb 28 12:46:43 biuro namescore/listen[19980]: #033[32mINFO#033[0m[02-28|12:46:43] namescore exitting #033[32msignal#033[0m=interrupt
Feb 28 12:46:45 biuro namescore/listen[24965]: #033[32mINFO#033[0m[02-28|12:46:45] Whitelist error #033[32merr#033[0m="open /home/phob0s/alphasoc/whitelist.toml: no such file or directory"
Feb 28 12:46:45 biuro namescore/listen[24965]: #033[32mINFO#033[0m[02-28|12:46:45] namescore daemon started #033[32mversion#033[0m=0.1
from nfr.
I also noticed that:
- coloring doesn't work in syslog
- there's some kind of problem with whitelists.
from nfr.
1) So I will change the log15 format to a different one. If you have systemd there, colors are present in journalctl.
2) It's an INFO log informing that there is no whitelist file (it's not a mandatory file).
from nfr.
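The syslog lines quoted above show the log15 terminal format with its ANSI colour escapes rendered as `#033[..m` by syslog, which is why the output looks garbled there. As an added example (not code from the nfr project or from anyone in this thread), the script below strips those escapes, splits each line into syslog header, log15 level/timestamp, message text and trailing key=value fields, and picks out "no such file or directory" errors such as the missing whitelist. The sample lines are constructed from the ones posted above, and the `#033` rendering of the ESC byte is assumed to be the only form that appears besides a raw ESC.

```python
import re

# Constructed sample: syslog lines as they appear in the thread above, with the
# ESC byte from log15's coloured output rendered by syslog as "#033".
SAMPLE_LINES = [
    'Feb 28 12:46:41 biuro namescore/listen[19980]: #033[32mINFO#033[0m[02-28|12:46:41] Stopped retrieving alerts.',
    'Feb 28 12:46:43 biuro namescore/listen[19980]: #033[32mINFO#033[0m[02-28|12:46:43] namescore exitting #033[32msignal#033[0m=interrupt',
    'Feb 28 12:46:45 biuro namescore/listen[24965]: #033[32mINFO#033[0m[02-28|12:46:45] Whitelist error #033[32merr#033[0m="open /home/phob0s/alphasoc/whitelist.toml: no such file or directory"',
]

# ANSI SGR sequences, either as a raw ESC byte or as the "#033" rendering (assumption).
ANSI_RE = re.compile(r'(?:\x1b|#033)\[[0-9;]*m')

# Classic BSD syslog header: "Mon DD HH:MM:SS host program[pid]: message".
SYSLOG_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<prog>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$'
)

# log15 terminal format once colours are gone: "LEVEL[MM-DD|HH:MM:SS] text key=value ...".
LOG15_RE = re.compile(r'^(?P<level>[A-Z]+)\[(?P<when>[^\]]+)\] (?P<rest>.*)$')

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def strip_ansi(text):
    """Remove colour escapes so the log15 fields can be parsed."""
    return ANSI_RE.sub('', text)


def parse_line(line):
    """Return a dict for one syslog line, or None if it is not log15 output."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    lm = LOG15_RE.match(strip_ansi(m['msg']))
    if not lm:
        return None
    rest = lm['rest']
    kvs = list(KV_RE.finditer(rest))
    # Everything before the first key=value pair is the free-text message.
    message = rest[:kvs[0].start()].rstrip() if kvs else rest
    fields = {}
    for kv in kvs:
        key, value = kv.group(1), kv.group(2)
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return {
        'syslog_ts': m['ts'],
        'host': m['host'],
        'program': m['prog'],
        'pid': int(m['pid']),
        'level': lm['level'],
        'when': lm['when'],
        'message': message,
        'fields': fields,
    }


def parse_lines(lines):
    """Parse a sequence of syslog lines, skipping ones that do not match."""
    return [rec for rec in (parse_line(l) for l in lines) if rec is not None]


MISSING_FILE_RE = re.compile(r'^open (.+): no such file or directory$')


def find_missing_files(records):
    """Paths reported as missing in an err= field (e.g. the optional whitelist)."""
    paths = []
    for rec in records:
        err = rec['fields'].get('err', '')
        mm = MISSING_FILE_RE.match(err)
        if mm:
            paths.append(mm.group(1))
    return paths


if __name__ == '__main__':
    for rec in parse_lines(SAMPLE_LINES):
        print(rec['level'], rec['when'], rec['message'], rec['fields'])
    print('missing files:', find_missing_files(parse_lines(SAMPLE_LINES)))
```

Feeding `journalctl` or `/var/log/syslog` output through `parse_lines` gives structured records regardless of whether colouring is on, which is useful when you want to alert on the daemon restarting or on a non-optional file going missing rather than reading raw lines.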
If you still have default settings:
- run namescore listen
- run "nslookup google.pl" 101 times in a bash loop
- check if there is dump in /home/phob0s/alphasoc/backup
from nfr.
Done, but the directory is empty.
from nfr.
In offline discussion it turned out that it's working; debugus helped.
from nfr.