Ticket #26 (closed defect: fixed)

Opened 10 years ago

Last modified 10 years ago

Cleaning out log files does not re-create all necessary log points

Reported by: david Owned by: [email protected]
Priority: major Milestone: roo-1.4
Component: Walleye Version: 1.4b3
Keywords: Cc:

Description

[[email protected] log]# cd /var/log [[email protected] log]# find pcap/ pcap/ pcap/1207908483 pcap/1207908483/log

Select "Clean out logging directories" in Walleye system admin console.

Logs are deleted/truncated, success message returned but pcap directory structure is not re-created:

[[email protected] log]# cd /var/log [[email protected] log]# pwd find: pcap/: No such file or directory

Pinging a honeypot does not cause new pcap data to be logged, meaning attack traffic is lost.

Subsequently using Walleye to restart the honeywall processes does cause the pcap logs to start being generated, but the log clean down process should also do this too.

Change History

Changed 10 years ago by rmcmillen

  • status changed from new to closed
  • resolution set to fixed

Walleye admin was removing the directories and not stopping nor starting the services. Changesets [45] in roo-base and [46] in walleye address the issue. roo-base version 5-26 and walleye version 1.2.3.

Note: See TracTickets for help on using tickets.