[netsa-tools-discuss] results with rwfilter
Timur David Snoke
tdsnoke at cert.org
Mon Apr 20 12:44:38 EDT 2020
To close this loop, I followed up with Kirk and found out that he was running a silk install using the RPM’s from the forensics repository and the data wasn’t going where expected.
The data root for rwflowpack was “/var/silk/data” but the data root that was hard coded in the rpm was “/data” we created a symlink and got working results. I recommended that he move the content to /data/ and ditch the symlink.
Let me know if you have any questions.
-Timur Snoke
From: <netsa-tools-discuss-bounces+tdsnoke=cert.org at cert.org> on behalf of Kirk Olson <Kirk_Olson at secura.net>
Date: Tuesday, April 14, 2020 at 12:46 PM
To: "netsa-tools-discuss at cert.org" <netsa-tools-discuss at cert.org>
Subject: [netsa-tools-discuss] results with rwfilter
I have been using the following rwfilter command to pull data from a sensor named ACIDVS:
rwfilter --start=2020/04/10T09 --end=2015/06/17T11 --sensor=ACIDVS --type=all --any-address=172.18.18.151 --protocol=17 --pass=HOCA01udp.rw
rwfilter does build a resultant file with headers in the top row but there is no data from the sensor in the file. Is there something simple I am missing here? I have read the docs and it is not obvious to me where I might be going wrong.
Thank you for your time.
-Kirk
Kirk Olson
Information Security Engineer
Direct: 920-224-7426
Toll Free: 800-558-3405 ext. 7426
[cid:16b8a6c7a1e6d227b41]<https://www.secura.net/>
website | blog | Facebook | Twitter | LinkedIn<https://www.secura.net/>
<https://www.secura.net/>
Recognized among Ward’s Top 50 and rated A Excellent by A.M. Best. <https://www.secura.net/>
Confidentiality Note: This email may contain confidential and/or private information. If you received this email in error, please delete and notify sender.<https://www.secura.net/>
-------------- next part --------------
HTML attachment scrubbed and removed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3704 bytes
Desc: image001.jpg
URL: <http://lists.sei.cmu.edu/pipermail/netsa-tools-discuss/attachments/20200420/a30dff98/attachment.jpg>
More information about the netsa-tools-discuss
mailing list