SELKS | suricata | Nagios monitoring

You wanna monitor suricata via nagios? On Suricata machine do: 1. Create a pipe and set permissions. # mknod -m 666 /var/pipes/suricata.pipe p 2. Let suricata write the fast log to this pipe tuning the /etc/suricata/selks[VERSION]-addin.yaml: outputs: # a line based alerts log similar to Snort’s fast.log – fast: enabled: yes filename: /var/pipes/suricata.pipe append: yes […]

SELKS | suricata | Scirius | Elasticsearch | Hints

1. Manual update SELKS performs a daily suricata update (via /etc/crontab). To execute it manually call as www-data (!!!) NEVER RUN AS ROOT!!! # /bin/sh -c /bin/bash ‘cd /usr/share/python/scirius/ && . bin/activate && python bin/ updatesuricata && deactivate’ www-data 2. fast.log rotation You MUST restart suricata to create a functional fast.log after logrotate. SIGHUP and/or […]

Microsoft | WSUS – Clearing the syncronization history

Loading the syncro history in wsus mmc is very slow and can lead to a timeout [request for server node reset]. In this case delete old history entries: * Start the SQL server management studio * —> Databases —> SUSDB —> right click —> New query USE SUSDB GO DELETE FROM tbEventInstance WHERE EventNamespaceID = […]

Microsoft | WSUS – You should know

Running WSUS using the microsoft sql server express edition [ssee] is pain in the ass. It’s simply too slow. The mmc will run into timeout. Use the more powerful microsoft sql server instead. The first syncronization eats a lot of time. Unfortunately this syncro generates such a huge pile of database data. This results in […]

OpenVPN | log connection status

First method: Add the following lines to servers conf: status /var/log/status.log 5 status-version 2 Second method: Add the following lines to servers conf: client-connect /path/to/your/ client-disconnect /path/to/your/ Start your server with ‘–script-security 2’ The scripts must be owned by the same user running the server. If your scripts are writing log files, check the log […]