
List:       security-onion
Subject:    Re: [security-onion] Sguil Server fails to start
From:       Cody Sapp <tgq714 () mocs ! utc ! edu>
Date:       2013-03-26 20:52:42
Message-ID: CACs3At0z+XSg81fwyaKVL8zr3Wm9KkaWNW6dOYknYJjzJLmZEg () mail ! gmail ! com

That fixed it.  Thanks you guys.

On Tue, Mar 26, 2013 at 4:27 PM, Doug Burks <doug.burks@gmail.com> wrote:

> Hi Cody,
> 
> Based on the following snippet:
> Out of resources when opening file
> './securityonion_db/event_winning@002dossec_20130301.MYD' (Errcode:
> 24)
> 
> please see:
> 
> https://code.google.com/p/security-onion/wiki/FAQ#I_get_periodic_MySQL_crashes_and/or_error_code_24_
>  "out_of_r
> 
> Thanks,
> Doug
> 
> On Tue, Mar 26, 2013 at 1:41 PM, Cody Sapp <tgq714@mocs.utc.edu> wrote:
> > Here it is:
> > 
> > 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:
> > ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS Changed Asset - domain||1
> > 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:
> > ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS New Asset - domain||1
> > 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:
> > ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS Changed Asset - smtp||1
> > 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:
> > ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS New Asset - smtp||1
> > 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:
> > ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS Changed Asset - ssh||1
> > 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:
> > ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS New Asset - ssh||1
> > 2013-03-26 17:39:49 pid(30942)  Email Configuration:
> > 2013-03-26 17:39:49 pid(30942)    Config file: /etc/sguild/sguild.email
> > 2013-03-26 17:39:49 pid(30942)    Enabled: No
> > 2013-03-26 17:39:49 pid(30942)  Connecting to localhost on 3306 as sguil
> > 2013-03-26 17:39:49 pid(30942)  MySQL Version: version 5.5.29-0ubuntu0.12.04.2
> > 2013-03-26 17:39:49 pid(30942)  SguilDB Version: 0.13
> > 2013-03-26 17:39:49
> > *************************************************************
> > 
> > ERROR: You appear to be using an old version of the
> > sguil database schema that does not support the MERGE tables
> > Please use the migrate_event.tcl script and see the CHANGES
> > document for more information
> > 
> > . Table event returned status => event {} {} {} {} {} {} {} {} {} {} {} {}
> > {} {} {} {} {Out of resources when opening file
> > './securityonion_db/event_winning@002dossec_20130301.MYD' (Errcode: 24)}
> > *************************************************************
> > 
> > SGUILD: Exiting...
> > ~
> > 
> > 
> > On Mon, Mar 25, 2013 at 6:19 PM, Doug Burks <doug.burks@gmail.com> wrote:
> > > 
> > > Answered you in your first email.
> > > Doug
> > > 
> > > 
> > > On Monday, March 25, 2013, Cody Sapp wrote:
> > > > 
> > > > Here is the output from sostat:
> > > > =========================================================================
> > > > Service Status
> > > > =========================================================================
> > > > Status: securityonion
> > > > * sguil server[ FAIL ]
> > > > Status: HIDS
> > > > * ossec_agent (sguil)[  OK  ]
> > > > Status: Bro
> > > > Name       Type       Host       Status        Pid    Peers  Started
> > > > manager    manager    NOPE       running       19781  ???    25 Mar 20:48:23
> > > > proxy      proxy      NOPE       running       19833  ???    25 Mar 20:48:25
> > > > winning-eth0-1 worker NOPE       running       19919  ???    25 Mar 20:48:27
> > > > winning-eth0-2 worker NOPE       running       19918  ???    25 Mar 20:48:27
> > > > winning-eth1-1 worker NOPE       running       19920  ???    25 Mar 20:48:27
> > > > winning-eth1-2 worker NOPE       running       19921  ???    25 Mar 20:48:27
> > > > Status: winning-eth0
> > > > * netsniff-ng (full packet data)[  OK  ]
> > > > * pcap_agent (sguil)[  OK  ]
> > > > * snort_agent-1 (sguil)[  OK  ]
> > > > * snort_agent-2 (sguil)[  OK  ]
> > > > * snort_agent-3 (sguil)[  OK  ]
> > > > * snort-1 (alert data)[  OK  ]
> > > > * snort-2 (alert data)[  OK  ]
> > > > * snort-3 (alert data)[  OK  ]
> > > > * barnyard2-1 (spooler, unified2 format)[  OK  ]
> > > > * barnyard2-2 (spooler, unified2 format)[  OK  ]
> > > > * barnyard2-3 (spooler, unified2 format)[  OK  ]
> > > > * prads (sessions/assets)[  OK  ]
> > > > * sancp_agent (sguil)[  OK  ]
> > > > * pads_agent (sguil)[  OK  ]
> > > > * argus[  OK  ]
> > > > * http_agent (sguil)[  OK  ]
> > > > Status: winning-eth1
> > > > * netsniff-ng (full packet data)[  OK  ]
> > > > * pcap_agent (sguil)[  OK  ]
> > > > * snort_agent-1 (sguil)[  OK  ]
> > > > * snort_agent-2 (sguil)[  OK  ]
> > > > * snort_agent-3 (sguil)[  OK  ]
> > > > * snort-1 (alert data)[  OK  ]
> > > > * snort-2 (alert data)[  OK  ]
> > > > * snort-3 (alert data)[  OK  ]
> > > > * barnyard2-1 (spooler, unified2 format)[  OK  ]
> > > > * barnyard2-2 (spooler, unified2 format)[  OK  ]
> > > > * barnyard2-3 (spooler, unified2 format)[  OK  ]
> > > > * prads (sessions/assets)[  OK  ]
> > > > * sancp_agent (sguil)[  OK  ]
> > > > * pads_agent (sguil)[  OK  ]
> > > > * argus[  OK  ]
> > > > * http_agent (sguil)[  OK  ]
> > > > 
> > > > 
> > > > =========================================================================
> > > > Interface Status
> > > > =========================================================================
> > > > eth0      Link encap:Ethernet  HWaddr 00:50:45:5d:0e:2c
> > > > inet addr:NOPE  Bcast:NOPE  Mask:NOPE
> > > > inet6 addr: NOPE Scope:Link
> > > > UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
> > > > RX packets:191679 errors:0 dropped:0 overruns:0 frame:0
> > > > TX packets:25413 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:0 txqueuelen:1000
> > > > RX bytes:19550240 (19.5 MB)  TX bytes:2977185 (2.9 MB)
> > > > Interrupt:27
> > > > 
> > > > eth1      Link encap:Ethernet  HWaddr NOPE
> > > > UP BROADCAST RUNNING NOARP PROMISC MULTICAST  MTU:1500  Metric:1
> > > > RX packets:2286985 errors:0 dropped:0 overruns:0 frame:0
> > > > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:0 txqueuelen:1000
> > > > RX bytes:1468904635 (1.4 GB)  TX bytes:0 (0.0 B)
> > > > Interrupt:27
> > > > 
> > > > lo        Link encap:Local Loopback
> > > > inet addr:NOPE  Mask:NOPE
> > > > inet6 addr: NOPE Scope:Host
> > > > UP LOOPBACK RUNNING  MTU:16436  Metric:1
> > > > RX packets:56157 errors:0 dropped:0 overruns:0 frame:0
> > > > TX packets:56157 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:0 txqueuelen:0
> > > > RX bytes:53418305 (53.4 MB)  TX bytes:53418305 (53.4 MB)
> > > > 
> > > > 
> > > > 
> > > > =========================================================================
> > > > Disk Usage
> > > > =========================================================================
> > > > Filesystem      Size  Used Avail Use% Mounted on
> > > > /dev/sda1       935G  772G  116G  87% /
> > > > udev            3.9G  4.0K  3.9G   1% /dev
> > > > tmpfs           1.6G  860K  1.6G   1% /run
> > > > none            5.0M     0  5.0M   0% /run/lock
> > > > none            3.9G     0  3.9G   0% /run/shm
> > > > 
> > > > 
> > > > =========================================================================
> > > > Network Sockets
> > > > =========================================================================
> > > > 
> > > > [Skipping this because I do not think it is important.  There were no
> > > > errors or anything in this part]
> > > > 
> > > > 
> > > > =========================================================================
> > > > IDS Rules Update
> > > > =========================================================================
> > > > Mon Mar 25 07:01:01 UTC 2013
> > > > Backing up current downloaded.rules file before it gets overwritten.
> > > > Cleaning up downloaded.rules backup files older than 30 days.
> > > > Running PulledPork.
> > > > http://code.google.com/p/pulledpork/
> > > > _____ ____
> > > > `----,\    )
> > > > `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
> > > > `--==\\/
> > > > .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
> > > > @_/        /  66\_  cummingsj@gmail.com
> > > > |    \   \   _(")
> > > > \   /-| ||'--'  Rules give me wings!
> > > > \_\  \_\\
> > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > Checking latest MD5 for emerging.rules.tar.gz....
> > > > They Match
> > > > Done!
> > > > Prepping rules from emerging.rules.tar.gz for work....
> > > > Done!
> > > > Reading rules...
> > > > Generating Stub Rules....
> > > > Done
> > > > Reading rules...
> > > > Reading rules...
> > > > Reading rules...
> > > > Processing /etc/nsm/pulledpork/enablesid.conf....
> > > > Modified 0 rules
> > > > Done
> > > > Processing /etc/nsm/pulledpork/dropsid.conf....
> > > > Modified 0 rules
> > > > Done
> > > > Processing /etc/nsm/pulledpork/disablesid.conf....
> > > > Modified 0 rules
> > > > Done
> > > > Modifying Sids....
> > > > Done!
> > > > Setting Flowbit State....
> > > > Enabled 11 flowbits
> > > > Done
> > > > Writing /etc/nsm/rules/downloaded.rules....
> > > > Done
> > > > Writing /etc/nsm/rules/so_rules.rules....
> > > > Done
> > > > Generating sid-msg.map....
> > > > Done
> > > > Writing /etc/nsm/rules/sid-msg.map....
> > > > Done
> > > > Writing /var/log/sid_changes.log....
> > > > Done
> > > > Rule Stats....
> > > > New:-------0
> > > > Deleted:---0
> > > > Enabled Rules:----13845
> > > > Dropped Rules:----0
> > > > Disabled Rules:---3208
> > > > Total Rules:------17053
> > > > Done
> > > > Please review /var/log/sid_changes.log for additional details
> > > > Fly Piggy Fly!
> > > > Restarting Barnyard2.
> > > > Restarting: winning-eth0
> > > > * stopping: barnyard2-1 (spooler, unified2 format)[  OK  ]
> > > > * starting: barnyard2-1 (spooler, unified2 format)[  OK  ]
> > > > * stopping: barnyard2-2 (spooler, unified2 format)[  OK  ]
> > > > * starting: barnyard2-2 (spooler, unified2 format)[  OK  ]
> > > > * stopping: barnyard2-3 (spooler, unified2 format)[  OK  ]
> > > > * starting: barnyard2-3 (spooler, unified2 format)[  OK  ]
> > > > Restarting: winning-eth1
> > > > * stopping: barnyard2-1 (spooler, unified2 format)[  OK  ]
> > > > * starting: barnyard2-1 (spooler, unified2 format)[  OK  ]
> > > > * stopping: barnyard2-2 (spooler, unified2 format)[  OK  ]
> > > > * starting: barnyard2-2 (spooler, unified2 format)[  OK  ]
> > > > * stopping: barnyard2-3 (spooler, unified2 format)[  OK  ]
> > > > * starting: barnyard2-3 (spooler, unified2 format)[  OK  ]
> > > > Restarting IDS Engine.
> > > > Restarting: winning-eth0
> > > > * stopping: snort-1 (alert data)[  OK  ]
> > > > * starting: snort-1 (alert data)[  OK  ]
> > > > * stopping: snort-2 (alert data)[  OK  ]
> > > > * starting: snort-2 (alert data)[  OK  ]
> > > > * stopping: snort-3 (alert data)[  OK  ]
> > > > * starting: snort-3 (alert data)[  OK  ]
> > > > Restarting: winning-eth1
> > > > * stopping: snort-1 (alert data)[  OK  ]
> > > > * starting: snort-1 (alert data)[  OK  ]
> > > > * stopping: snort-2 (alert data)[  OK  ]
> > > > * starting: snort-2 (alert data)[  OK  ]
> > > > * stopping: snort-3 (alert data)[  OK  ]
> > > > * starting: snort-3 (alert data)[  OK  ]
> > > > 
> > > > 
> > > > =========================================================================
> > > > CPU Usage
> > > > =========================================================================
> > > > top - 21:16:22 up  1:22,  2 users,  load average: 10.47, 10.93, 11.52
> > > > Tasks: 205 total,  11 running, 194 sleeping,   0 stopped,   0 zombie
> > > > Cpu(s): 25.1%us, 52.3%sy,  5.0%ni, 12.1%id,  5.0%wa,  0.1%hi,  0.5%si,  0.0%st
> > > > Mem:   8178204k total,  7765188k used,   413016k free,   436188k buffers
> > > > Swap: 12474632k total,     7828k used, 12466804k free,  3618300k cached
> > > > 
> > > > PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
> > > > 14227 root      25   5 82004  20m  892 R   33  0.3  19:05.23 bro
> > > > 19789 root      25   5  153m  20m  920 R   31  0.3   6:10.10 bro
> > > > 14728 root      20   0  287m 105m  70m S   22  1.3  15:03.66 bro
> > > > 19838 root      25   5 65616  19m  820 S   22  0.2   5:38.00 bro
> > > > 14729 root      20   0  288m 107m  71m R   20  1.3  14:44.39 bro
> > > > 19918 root      20   0  205m  95m  68m S   20  1.2   5:05.09 bro
> > > > 19921 root      20   0  286m 104m  70m S   20  1.3   5:10.17 bro
> > > > 14726 root      20   0  206m  95m  68m R   16  1.2  14:59.93 bro
> > > > 19919 root      20   0  277m  95m  68m S   16  1.2   4:57.49 bro
> > > > 19929 root      25   5  130m  83m  64m R   16  1.1   3:21.29 bro
> > > > 14727 root      20   0  278m  95m  68m S   14  1.2  14:56.62 bro
> > > > 19920 root      20   0  285m 104m  70m R   14  1.3   5:08.26 bro
> > > > 20010 root      25   5  130m  83m  64m R   12  1.1   3:11.31 bro
> > > > 14732 root      25   5  129m  83m  64m S   10  1.0  11:03.68 bro
> > > > 14737 root      25   5  129m  83m  64m S   10  1.0  11:38.42 bro
> > > > 19924 root      25   5  130m  83m  64m S   10  1.1   3:20.51 bro
> > > > 19990 root      25   5  130m  83m  64m S   10  1.1   3:24.35 bro
> > > > 14745 root      25   5  129m  83m  64m R    8  1.0  11:29.13 bro
> > > > 14752 root      25   5  129m  83m  64m S    8  1.0  11:05.62 bro
> > > > 14168 root      20   0  281m  26m 3932 S    4  0.3   1:14.69 bro
> > > > 21012 sguil     20   0  539m 214m  10m S    4  2.7   1:05.61 snort
> > > > 21158 sguil     20   0  540m 216m  10m S    4  2.7   1:04.54 snort
> > > > 15 root      20   0     0    0    0 S    2  0.0   0:43.15 ksoftirqd/2
> > > > 1400 mysql     20   0 1562m 244m 8068 S    2  3.1   5:47.58 mysqld
> > > > 13450 root      20   0 17468 1276  868 R    2  0.0   0:00.01 top
> > > > 19781 root      20   0 1577m  26m 3932 R    2  0.3   0:28.37 bro
> > > > 19833 root      20   0  205m  22m 3916 R    2  0.3   0:26.95 bro
> > > > 21097 sguil     20   0  538m 212m  10m S    2  2.7   0:55.58 snort
> > > > 1 root      20   0 24588 2048 1296 S    0  0.0   0:00.90 init
> > > > 2 root      20   0     0    0    0 S    0  0.0   0:00.00 kthreadd
> > > > 3 root      20   0     0    0    0 S    0  0.0   0:32.40 ksoftirqd/0
> > > > 4 root      20   0     0    0    0 S    0  0.0   0:01.57 kworker/0:0
> > > > 6 root      RT   0     0    0    0 S    0  0.0   0:00.11 migration/0
> > > > 7 root      RT   0     0    0    0 S    0  0.0   0:00.02 watchdog/0
> > > > 8 root      RT   0     0    0    0 S    0  0.0   0:00.10 migration/1
> > > > 10 root      20   0     0    0    0 S    0  0.0   0:33.77 ksoftirqd/1
> > > > 12 root      RT   0     0    0    0 S    0  0.0   0:00.01 watchdog/1
> > > > 13 root      RT   0     0    0    0 S    0  0.0   0:00.10 migration/2
> > > > 16 root      RT   0     0    0    0 S    0  0.0   0:00.27 watchdog/2
> > > > 17 root      RT   0     0    0    0 S    0  0.0   0:00.29 migration/3
> > > > 19 root      20   0     0    0    0 S    0  0.0   0:45.20 ksoftirqd/3
> > > > 20 root      RT   0     0    0    0 S    0  0.0   0:00.01 watchdog/3
> > > > 21 root       0 -20     0    0    0 S    0  0.0   0:00.00 cpuset
> > > > 22 root       0 -20     0    0    0 S    0  0.0   0:00.00 khelper
> > > > 23 root      20   0     0    0    0 S    0  0.0   0:00.00 kdevtmpfs
> > > > 24 root       0 -20     0    0    0 S    0  0.0   0:00.00 netns
> > > > 25 root      20   0     0    0    0 S    0  0.0   0:00.04 kworker/u:1
> > > > 26 root      20   0     0    0    0 S    0  0.0   0:00.00 sync_supers
> > > > 27 root      20   0     0    0    0 S    0  0.0   0:00.00 bdi-default
> > > > 28 root       0 -20     0    0    0 S    0  0.0   0:00.00 kintegrityd
> > > > 29 root       0 -20     0    0    0 S    0  0.0   0:00.00 kblockd
> > > > 30 root       0 -20     0    0    0 S    0  0.0   0:00.00 ata_sff
> > > > 31 root      20   0     0    0    0 S    0  0.0   0:00.00 khubd
> > > > 32 root       0 -20     0    0    0 S    0  0.0   0:00.00 md
> > > > 33 root      20   0     0    0    0 S    0  0.0   0:00.00 khungtaskd
> > > > 34 root      20   0     0    0    0 S    0  0.0   0:06.52 kswapd0
> > > > 35 root      25   5     0    0    0 S    0  0.0   0:00.00 ksmd
> > > > 
> > > > --
> > > > You received this message because you are subscribed to the Google Groups
> > > > "security-onion" group.
> > > > To unsubscribe from this group and stop receiving emails from it, send an
> > > > email to security-onion+unsubscribe@googlegroups.com.
> > > > To post to this group, send email to security-onion@googlegroups.com.
> > > > Visit this group at
> > > > http://groups.google.com/group/security-onion?hl=en-US.
> > > > For more options, visit https://groups.google.com/groups/opt_out.
> > > > 
> > > > 
> > > 
> > > 
> > > --
> > > Doug Burks
> > > http://securityonion.blogspot.com
> > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> > 
> 
> 
> 
> --
> Doug Burks
> http://securityonion.blogspot.com
> 
> 
> 
> 
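
Added example, not part of the original thread or of Security Onion's own tooling: a Python script that pulls the MySQL file error out of a sguild start-up log as pasted into a quoted e-mail (reply markers, error wrapped across lines), decodes the `@002d` file-name escape back to the table name, and translates the Errcode through the OS errno table. The sample log is constructed from the error quoted above; the `<kind>_<sensor>_<YYYYMMDD>` table naming is an assumption inferred from that file name, and all function names are hypothetical.

```python
"""Decode the MySQL 'Errcode' that stops sguild at start-up (added example)."""
import errno
import os
import posixpath
import re

# Constructed sample: the error from this thread as it looks inside a quoted
# e-mail, with "> " reply markers and the message wrapped across lines.
SAMPLE_LOG = """\
> > 2013-03-26 17:39:49 pid(30942)  SguilDB Version: 0.13
> > . Table event returned status => event {} {} {} {Out of resources when opening file
> > './securityonion_db/event_winning@002dossec_20130301.MYD' (Errcode:
> > 24)}
> > SGUILD: Exiting...
"""

QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")
FILE_ERROR = re.compile(
    r"opening file\s+'(?P<path>[^']+)'\s+\(Errcode:\s*(?P<code>\d+)\)"
)
# MySQL stores characters that are unsafe in file names as @ plus four hex
# digits (the code point), so "@002d" on disk is "-" in the table name.
MYSQL_ESCAPE = re.compile(r"@([0-9a-fA-F]{4})")
# Assumption inferred from the file name in the thread: <kind>_<sensor>_<day>.
SGUIL_TABLE = re.compile(r"^(?P<kind>[a-z0-9]+)_(?P<sensor>.+)_(?P<day>\d{8})$")


def unquote_and_unwrap(text):
    """Strip e-mail reply markers and rejoin hard-wrapped lines."""
    lines = (QUOTE_PREFIX.sub("", line).strip() for line in text.splitlines())
    return " ".join(line for line in lines if line)


def decode_mysql_filename(stem):
    """Turn an on-disk MySQL file stem back into the SQL table name."""
    return MYSQL_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), stem)


def diagnose(log_text):
    """Return one finding per 'opening file ... (Errcode: N)' in the log."""
    findings = []
    for match in FILE_ERROR.finditer(unquote_and_unwrap(log_text)):
        path = match.group("path")
        code = int(match.group("code"))
        stem, ext = posixpath.splitext(posixpath.basename(path))
        table = decode_mysql_filename(stem)
        parts = SGUIL_TABLE.match(table)
        findings.append({
            "database": posixpath.basename(posixpath.dirname(path)),
            "table": table,
            "file_type": ext.lstrip("."),
            "sensor": parts.group("sensor") if parts else None,
            "day": parts.group("day") if parts else None,
            "errcode": code,
            # MySQL reports the raw OS errno here, so the platform's errno
            # table gives the real cause behind "Out of resources".
            "errno_name": errno.errorcode.get(code, "UNKNOWN"),
            "meaning": os.strerror(code),
            # EMFILE/ENFILE mean file descriptors ran out, not disk or RAM.
            "fd_exhaustion": code in (errno.EMFILE, errno.ENFILE),
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print("{database}.{table} ({file_type}): errno {errcode} "
              "{errno_name}, {meaning}".format(**f))
        if f["fd_exhaustion"]:
            print("  mysqld ran out of file descriptors; compare its "
                  "open_files_limit with the number of tables it must open")
```
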



[Attachment #3 (text/html)]

That fixed it.  Thanks you guys.<br><br><div class="gmail_quote">On Tue, Mar 26, 2013 \
at 4:27 PM, Doug Burks <span dir="ltr">&lt;<a href="mailto:doug.burks@gmail.com" \
target="_blank">doug.burks@gmail.com</a>&gt;</span> wrote:<br> <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi Cody,<br> <br>
Based on the following snippet:<br>
<div class="im">Out of resources when opening file<br>
&#39;./securityonion_db/event_winning@002dossec_20130301.MYD&#39; (Errcode:<br>
24)<br>
<br>
</div>please see:<br>
<a href="https://code.google.com/p/security-onion/wiki/FAQ#I_get_periodic_MySQL_crashes_and/or_error_code_24_" \
target="_blank">https://code.google.com/p/security-onion/wiki/FAQ#I_get_periodic_MySQL_crashes_and/or_error_code_24_</a>&quot;out_of_r<br>


<br>
Thanks,<br>
Doug<br>
<div class="HOEnZb"><div class="h5"><br>
On Tue, Mar 26, 2013 at 1:41 PM, Cody Sapp &lt;<a \
href="mailto:tgq714@mocs.utc.edu">tgq714@mocs.utc.edu</a>&gt; wrote:<br> &gt; Here it \
is:<br> &gt;<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:<br>
&gt; ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS Changed Asset - domain||1<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:<br>
&gt; ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS New Asset - domain||1<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:<br>
&gt; ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS Changed Asset - smtp||1<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:<br>
&gt; ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS New Asset - smtp||1<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:<br>
&gt; ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS Changed Asset - ssh||1<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Adding AutoCat Rule:<br>
&gt; ||ANY||ANY||ANY||ANY||ANY||ANY||%%REGEXP%%^PADS New Asset - ssh||1<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Email Configuration:<br>
&gt; 2013-03-26 17:39:49 pid(30942)    Config file: /etc/sguild/sguild.email<br>
&gt; 2013-03-26 17:39:49 pid(30942)    Enabled: No<br>
&gt; 2013-03-26 17:39:49 pid(30942)  Connecting to localhost on 3306 as sguil<br>
&gt; 2013-03-26 17:39:49 pid(30942)  MySQL Version: version<br>
&gt; 5.5.29-0ubuntu0.12.04.2<br>
&gt; 2013-03-26 17:39:49 pid(30942)  SguilDB Version: 0.13<br>
&gt; 2013-03-26 17:39:49<br>
&gt; *************************************************************<br>
&gt;<br>
&gt;                           ERROR: You appear to be using an old version of<br>
&gt; the<br>
&gt;  sguil database schema that does not support the MERGE tables<br>
&gt;  Please use the migrate_event.tcl script and see the CHANGES<br>
&gt;  document for more information<br>
&gt;<br>
&gt; . Table event returned status =&gt; event {} {} {} {} {} {} {} {} {} {} {} \
{}<br> &gt; {} {} {} {} {Out of resources when opening file<br>
&gt; &#39;./securityonion_db/event_winning@002dossec_20130301.MYD&#39; (Errcode: \
24)}<br> &gt;  *************************************************************<br>
&gt;<br>
&gt; SGUILD: Exiting...<br>
&gt; ~<br>
&gt;<br>
&gt;<br>
&gt; On Mon, Mar 25, 2013 at 6:19 PM, Doug Burks &lt;<a \
href="mailto:doug.burks@gmail.com">doug.burks@gmail.com</a>&gt; wrote:<br> \
&gt;&gt;<br> &gt;&gt; Answered you in your first email.<br>
&gt;&gt; Doug<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; On Monday, March 25, 2013, Cody Sapp wrote:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Here is the output from sostat:<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; Service Status<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; Status: securityonion<br>
&gt;&gt;&gt;   * sguil server[ FAIL ]<br>
&gt;&gt;&gt; Status: HIDS<br>
&gt;&gt;&gt;   * ossec_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt; Status: Bro<br>
&gt;&gt;&gt; Name       Type       Host       Status        Pid    Peers  Started<br>
&gt;&gt;&gt; manager    manager    NOPE       running       19781  ???    25 Mar<br>
&gt;&gt;&gt; 20:48:23<br>
&gt;&gt;&gt; proxy      proxy      NOPE       running       19833  ???    25 Mar<br>
&gt;&gt;&gt; 20:48:25<br>
&gt;&gt;&gt; winning-eth0-1 worker NOPE       running       19919  ???    25 Mar<br>
&gt;&gt;&gt; 20:48:27<br>
&gt;&gt;&gt; winning-eth0-2 worker NOPE       running       19918  ???    25 Mar<br>
&gt;&gt;&gt; 20:48:27<br>
&gt;&gt;&gt; winning-eth1-1 worker NOPE       running       19920  ???    25 Mar<br>
&gt;&gt;&gt; 20:48:27<br>
&gt;&gt;&gt; winning-eth1-2 worker NOPE       running       19921  ???    25 Mar<br>
&gt;&gt;&gt; 20:48:27<br>
&gt;&gt;&gt; Status: winning-eth0<br>
&gt;&gt;&gt;   * netsniff-ng (full packet data)[  OK  ]<br>
&gt;&gt;&gt;   * pcap_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort_agent-1 (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort_agent-2 (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort_agent-3 (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort-1 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * snort-2 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * snort-3 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * barnyard2-1 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * barnyard2-2 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * barnyard2-3 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * prads (sessions/assets)[  OK  ]<br>
&gt;&gt;&gt;   * sancp_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * pads_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * argus[  OK  ]<br>
&gt;&gt;&gt;   * http_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt; Status: winning-eth1<br>
&gt;&gt;&gt;   * netsniff-ng (full packet data)[  OK  ]<br>
&gt;&gt;&gt;   * pcap_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort_agent-1 (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort_agent-2 (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort_agent-3 (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * snort-1 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * snort-2 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * snort-3 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * barnyard2-1 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * barnyard2-2 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * barnyard2-3 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * prads (sessions/assets)[  OK  ]<br>
&gt;&gt;&gt;   * sancp_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * pads_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt;   * argus[  OK  ]<br>
&gt;&gt;&gt;   * http_agent (sguil)[  OK  ]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; Interface Status<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; eth0      Link encap:Ethernet  HWaddr 00:50:45:5d:0e:2c<br>
&gt;&gt;&gt;           inet addr:NOPE  Bcast:NOPE  Mask:NOPE<br>
&gt;&gt;&gt;           inet6 addr: NOPE Scope:Link<br>
&gt;&gt;&gt;           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1<br>
&gt;&gt;&gt;           RX packets:191679 errors:0 dropped:0 overruns:0 frame:0<br>
&gt;&gt;&gt;           TX packets:25413 errors:0 dropped:0 overruns:0 carrier:0<br>
&gt;&gt;&gt;           collisions:0 txqueuelen:1000<br>
&gt;&gt;&gt;           RX bytes:19550240 (19.5 MB)  TX bytes:2977185 (2.9 MB)<br>
&gt;&gt;&gt;           Interrupt:27<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; eth1      Link encap:Ethernet  HWaddr NOPE<br>
&gt;&gt;&gt;           UP BROADCAST RUNNING NOARP PROMISC MULTICAST  MTU:1500<br>
&gt;&gt;&gt; Metric:1<br>
&gt;&gt;&gt;           RX packets:2286985 errors:0 dropped:0 overruns:0 frame:0<br>
&gt;&gt;&gt;           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br>
&gt;&gt;&gt;           collisions:0 txqueuelen:1000<br>
&gt;&gt;&gt;           RX bytes:1468904635 (1.4 GB)  TX bytes:0 (0.0 B)<br>
&gt;&gt;&gt;           Interrupt:27<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; lo        Link encap:Local Loopback<br>
&gt;&gt;&gt;           inet addr:NOPE  Mask:NOPE<br>
&gt;&gt;&gt;           inet6 addr: NOPE Scope:Host<br>
&gt;&gt;&gt;           UP LOOPBACK RUNNING  MTU:16436  Metric:1<br>
&gt;&gt;&gt;           RX packets:56157 errors:0 dropped:0 overruns:0 frame:0<br>
&gt;&gt;&gt;           TX packets:56157 errors:0 dropped:0 overruns:0 carrier:0<br>
&gt;&gt;&gt;           collisions:0 txqueuelen:0<br>
&gt;&gt;&gt;           RX bytes:53418305 (53.4 MB)  TX bytes:53418305 (53.4 MB)<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; Disk Usage<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; Filesystem      Size  Used Avail Use% Mounted on<br>
&gt;&gt;&gt; /dev/sda1       935G  772G  116G  87% /<br>
&gt;&gt;&gt; udev            3.9G  4.0K  3.9G   1% /dev<br>
&gt;&gt;&gt; tmpfs           1.6G  860K  1.6G   1% /run<br>
&gt;&gt;&gt; none            5.0M     0  5.0M   0% /run/lock<br>
&gt;&gt;&gt; none            3.9G     0  3.9G   0% /run/shm<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; Network Sockets<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt;<br>
&gt;&gt;&gt; [Skipping this because I do not think it is important.  There were \
no<br> &gt;&gt;&gt; errors or anything in this part]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; IDS Rules Update<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; Mon Mar 25 07:01:01 UTC 2013<br>
&gt;&gt;&gt; Backing up current downloaded.rules file before it gets overwritten.<br>
&gt;&gt;&gt; Cleaning up downloaded.rules backup files older than 30 days.<br>
&gt;&gt;&gt; Running PulledPork.<br>
&gt;&gt;&gt;     <a href="http://code.google.com/p/pulledpork/" \
target="_blank">http://code.google.com/p/pulledpork/</a><br> &gt;&gt;&gt;       _____ \
____<br> &gt;&gt;&gt;      `----,\    )<br>
&gt;&gt;&gt;       `--==\\  /    PulledPork v0.6.1 the Smoking Pig &lt;////~<br>
&gt;&gt;&gt;        `--==\\/<br>
&gt;&gt;&gt;      .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings<br>
&gt;&gt;&gt;   @_/        /  66\_  <a \
href="mailto:cummingsj@gmail.com">cummingsj@gmail.com</a><br> &gt;&gt;&gt;     |    \ \
\   _(&quot;)<br> &gt;&gt;&gt;      \   /-| ||&#39;--&#39;  Rules give me wings!<br>
&gt;&gt;&gt;       \_\  \_\\<br>
&gt;&gt;&gt;  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
&gt;&gt;&gt; Checking latest MD5 for emerging.rules.tar.gz....<br>
&gt;&gt;&gt;         They Match<br>
&gt;&gt;&gt;         Done!<br>
&gt;&gt;&gt; Prepping rules from emerging.rules.tar.gz for work....<br>
&gt;&gt;&gt;         Done!<br>
&gt;&gt;&gt; Reading rules...<br>
&gt;&gt;&gt; Generating Stub Rules....<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Reading rules...<br>
&gt;&gt;&gt; Reading rules...<br>
&gt;&gt;&gt; Reading rules...<br>
&gt;&gt;&gt; Processing /etc/nsm/pulledpork/enablesid.conf....<br>
&gt;&gt;&gt;         Modified 0 rules<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Processing /etc/nsm/pulledpork/dropsid.conf....<br>
&gt;&gt;&gt;         Modified 0 rules<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Processing /etc/nsm/pulledpork/disablesid.conf....<br>
&gt;&gt;&gt;         Modified 0 rules<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Modifying Sids....<br>
&gt;&gt;&gt;         Done!<br>
&gt;&gt;&gt; Setting Flowbit State....<br>
&gt;&gt;&gt;         Enabled 11 flowbits<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Writing /etc/nsm/rules/downloaded.rules....<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Writing /etc/nsm/rules/so_rules.rules....<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Generating sid-msg.map....<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Writing /etc/nsm/rules/sid-msg.map....<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Writing /var/log/sid_changes.log....<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Rule Stats....<br>
&gt;&gt;&gt;         New:-------0<br>
&gt;&gt;&gt;         Deleted:---0<br>
&gt;&gt;&gt;         Enabled Rules:----13845<br>
&gt;&gt;&gt;         Dropped Rules:----0<br>
&gt;&gt;&gt;         Disabled Rules:---3208<br>
&gt;&gt;&gt;         Total Rules:------17053<br>
&gt;&gt;&gt;         Done<br>
&gt;&gt;&gt; Please review /var/log/sid_changes.log for additional details<br>
&gt;&gt;&gt; Fly Piggy Fly!<br>
&gt;&gt;&gt; Restarting Barnyard2.<br>
&gt;&gt;&gt; Restarting: winning-eth0<br>
&gt;&gt;&gt;   * stopping: barnyard2-1 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * starting: barnyard2-1 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: barnyard2-2 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * starting: barnyard2-2 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: barnyard2-3 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * starting: barnyard2-3 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt; Restarting: winning-eth1<br>
&gt;&gt;&gt;   * stopping: barnyard2-1 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * starting: barnyard2-1 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: barnyard2-2 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * starting: barnyard2-2 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: barnyard2-3 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt;   * starting: barnyard2-3 (spooler, unified2 format)[  OK  ]<br>
&gt;&gt;&gt; Restarting IDS Engine.<br>
&gt;&gt;&gt; Restarting: winning-eth0<br>
&gt;&gt;&gt;   * stopping: snort-1 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * starting: snort-1 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: snort-2 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * starting: snort-2 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: snort-3 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * starting: snort-3 (alert data)[  OK  ]<br>
&gt;&gt;&gt; Restarting: winning-eth1<br>
&gt;&gt;&gt;   * stopping: snort-1 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * starting: snort-1 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: snort-2 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * starting: snort-2 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * stopping: snort-3 (alert data)[  OK  ]<br>
&gt;&gt;&gt;   * starting: snort-3 (alert data)[  OK  ]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; =========================================================================<br>
 &gt;&gt;&gt; CPU Usage<br>
&gt;&gt;&gt; =========================================================================<br>
&gt;&gt;&gt; top - 21:16:22 up  1:22,  2 users,  load average: 10.47, 10.93, 11.52<br>
&gt;&gt;&gt; Tasks: 205 total,  11 running, 194 sleeping,   0 stopped,   0 zombie<br>
&gt;&gt;&gt; Cpu(s): 25.1%us, 52.3%sy,  5.0%ni, 12.1%id,  5.0%wa,  0.1%hi,  0.5%si,  0.0%st<br>
&gt;&gt;&gt; Mem:   8178204k total,  7765188k used,   413016k free,   436188k buffers<br>
&gt;&gt;&gt; Swap: 12474632k total,     7828k used, 12466804k free,  3618300k cached<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND<br>
&gt;&gt;&gt; 14227 root      25   5 82004  20m  892 R   33  0.3  19:05.23 bro<br>
&gt;&gt;&gt; 19789 root      25   5  153m  20m  920 R   31  0.3   6:10.10 bro<br>
&gt;&gt;&gt; 14728 root      20   0  287m 105m  70m S   22  1.3  15:03.66 bro<br>
&gt;&gt;&gt; 19838 root      25   5 65616  19m  820 S   22  0.2   5:38.00 bro<br>
&gt;&gt;&gt; 14729 root      20   0  288m 107m  71m R   20  1.3  14:44.39 bro<br>
&gt;&gt;&gt; 19918 root      20   0  205m  95m  68m S   20  1.2   5:05.09 bro<br>
&gt;&gt;&gt; 19921 root      20   0  286m 104m  70m S   20  1.3   5:10.17 bro<br>
&gt;&gt;&gt; 14726 root      20   0  206m  95m  68m R   16  1.2  14:59.93 bro<br>
&gt;&gt;&gt; 19919 root      20   0  277m  95m  68m S   16  1.2   4:57.49 bro<br>
&gt;&gt;&gt; 19929 root      25   5  130m  83m  64m R   16  1.1   3:21.29 bro<br>
&gt;&gt;&gt; 14727 root      20   0  278m  95m  68m S   14  1.2  14:56.62 bro<br>
&gt;&gt;&gt; 19920 root      20   0  285m 104m  70m R   14  1.3   5:08.26 bro<br>
&gt;&gt;&gt; 20010 root      25   5  130m  83m  64m R   12  1.1   3:11.31 bro<br>
&gt;&gt;&gt; 14732 root      25   5  129m  83m  64m S   10  1.0  11:03.68 bro<br>
&gt;&gt;&gt; 14737 root      25   5  129m  83m  64m S   10  1.0  11:38.42 bro<br>
&gt;&gt;&gt; 19924 root      25   5  130m  83m  64m S   10  1.1   3:20.51 bro<br>
&gt;&gt;&gt; 19990 root      25   5  130m  83m  64m S   10  1.1   3:24.35 bro<br>
&gt;&gt;&gt; 14745 root      25   5  129m  83m  64m R    8  1.0  11:29.13 bro<br>
&gt;&gt;&gt; 14752 root      25   5  129m  83m  64m S    8  1.0  11:05.62 bro<br>
&gt;&gt;&gt; 14168 root      20   0  281m  26m 3932 S    4  0.3   1:14.69 bro<br>
&gt;&gt;&gt; 21012 sguil     20   0  539m 214m  10m S    4  2.7   1:05.61 snort<br>
&gt;&gt;&gt; 21158 sguil     20   0  540m 216m  10m S    4  2.7   1:04.54 snort<br>
&gt;&gt;&gt;    15 root      20   0     0    0    0 S    2  0.0   0:43.15 ksoftirqd/2<br>
&gt;&gt;&gt;  1400 mysql     20   0 1562m 244m 8068 S    2  3.1   5:47.58 mysqld<br>
&gt;&gt;&gt; 13450 root      20   0 17468 1276  868 R    2  0.0   0:00.01 top<br>
&gt;&gt;&gt; 19781 root      20   0 1577m  26m 3932 R    2  0.3   0:28.37 bro<br>
&gt;&gt;&gt; 19833 root      20   0  205m  22m 3916 R    2  0.3   0:26.95 bro<br>
&gt;&gt;&gt; 21097 sguil     20   0  538m 212m  10m S    2  2.7   0:55.58 snort<br>
&gt;&gt;&gt;     1 root      20   0 24588 2048 1296 S    0  0.0   0:00.90 init<br>
&gt;&gt;&gt;     2 root      20   0     0    0    0 S    0  0.0   0:00.00 kthreadd<br>
&gt;&gt;&gt;     3 root      20   0     0    0    0 S    0  0.0   0:32.40 ksoftirqd/0<br>
&gt;&gt;&gt;     4 root      20   0     0    0    0 S    0  0.0   0:01.57 kworker/0:0<br>
&gt;&gt;&gt;     6 root      RT   0     0    0    0 S    0  0.0   0:00.11 migration/0<br>
&gt;&gt;&gt;     7 root      RT   0     0    0    0 S    0  0.0   0:00.02 watchdog/0<br>
&gt;&gt;&gt;     8 root      RT   0     0    0    0 S    0  0.0   0:00.10 migration/1<br>
&gt;&gt;&gt;    10 root      20   0     0    0    0 S    0  0.0   0:33.77 ksoftirqd/1<br>
&gt;&gt;&gt;    12 root      RT   0     0    0    0 S    0  0.0   0:00.01 watchdog/1<br>
&gt;&gt;&gt;    13 root      RT   0     0    0    0 S    0  0.0   0:00.10 migration/2<br>
&gt;&gt;&gt;    16 root      RT   0     0    0    0 S    0  0.0   0:00.27 watchdog/2<br>
&gt;&gt;&gt;    17 root      RT   0     0    0    0 S    0  0.0   0:00.29 migration/3<br>
&gt;&gt;&gt;    19 root      20   0     0    0    0 S    0  0.0   0:45.20 ksoftirqd/3<br>
&gt;&gt;&gt;    20 root      RT   0     0    0    0 S    0  0.0   0:00.01 watchdog/3<br>
&gt;&gt;&gt;    21 root       0 -20     0    0    0 S    0  0.0   0:00.00 cpuset<br>
&gt;&gt;&gt;    22 root       0 -20     0    0    0 S    0  0.0   0:00.00 khelper<br>
&gt;&gt;&gt;    23 root      20   0     0    0    0 S    0  0.0   0:00.00 kdevtmpfs<br>
&gt;&gt;&gt;    24 root       0 -20     0    0    0 S    0  0.0   0:00.00 netns<br>
&gt;&gt;&gt;    25 root      20   0     0    0    0 S    0  0.0   0:00.04 kworker/u:1<br>
&gt;&gt;&gt;    26 root      20   0     0    0    0 S    0  0.0   0:00.00 sync_supers<br>
&gt;&gt;&gt;    27 root      20   0     0    0    0 S    0  0.0   0:00.00 bdi-default<br>
&gt;&gt;&gt;    28 root       0 -20     0    0    0 S    0  0.0   0:00.00 kintegrityd<br>
&gt;&gt;&gt;    29 root       0 -20     0    0    0 S    0  0.0   0:00.00 kblockd<br>
&gt;&gt;&gt;    30 root       0 -20     0    0    0 S    0  0.0   0:00.00 ata_sff<br>
&gt;&gt;&gt;    31 root      20   0     0    0    0 S    0  0.0   0:00.00 khubd<br>
&gt;&gt;&gt;    32 root       0 -20     0    0    0 S    0  0.0   0:00.00 md<br>
&gt;&gt;&gt;    33 root      20   0     0    0    0 S    0  0.0   0:00.00 khungtaskd<br>
&gt;&gt;&gt;    34 root      20   0     0    0    0 S    0  0.0   0:06.52 kswapd0<br>
&gt;&gt;&gt;    35 root      25   5     0    0    0 S    0  0.0   0:00.00 ksmd<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; --<br>
&gt;&gt;&gt; You received this message because you are subscribed to the Google Groups<br>
&gt;&gt;&gt; &quot;security-onion&quot; group.<br>
&gt;&gt;&gt; To unsubscribe from this group and stop receiving emails from it, send an<br>
&gt;&gt;&gt; email to <a href="mailto:security-onion%2Bunsubscribe@googlegroups.com">security-onion+unsubscribe@googlegroups.com</a>.<br>
&gt;&gt;&gt; To post to this group, send email to <a href="mailto:security-onion@googlegroups.com">security-onion@googlegroups.com</a>.<br>
&gt;&gt;&gt; Visit this group at<br>
&gt;&gt;&gt; <a href="http://groups.google.com/group/security-onion?hl=en-US" target="_blank">http://groups.google.com/group/security-onion?hl=en-US</a>.<br>
&gt;&gt;&gt; For more options, visit <a href="https://groups.google.com/groups/opt_out" target="_blank">https://groups.google.com/groups/opt_out</a>.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; --<br>
&gt;&gt; Doug Burks<br>
&gt;&gt; <a href="http://securityonion.blogspot.com" target="_blank">http://securityonion.blogspot.com</a><br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
<br>
<br>
<br>
--<br>
Doug Burks<br>
<a href="http://securityonion.blogspot.com" target="_blank">http://securityonion.blogspot.com</a><br>
<br>
<br>
</div></div></blockquote></div><br>

<p></p>



