jensvoid / lorg

Apache Logfile Security Analyzer
GNU General Public License v2.0
209 stars, 50 forks

Unable to install this properly. I feel like we need a better install guide. #4

Closed BilalMalik26 closed 9 years ago

BilalMalik26 commented 9 years ago

I really like the idea and some of the features it has to offer. Thrilled to get this up and running, I quickly found myself disappointed due to the lack of proper documentation.

I installed this on SIFT, which is Ubuntu based. I had to install php5, php-cli and some other packages to get the tool to display its help menu.

I am trying to scan the apache logs but it errors out:

PHP Fatal error: Class 'IDS_Monitor' not found in /home/sansforensics/Desktop/lorg-master/lorg on line 2037

I read the instructions but I am not sure if I followed them properly. It said in step 1 to get "PHPIDS from http://phpids.org, gunzip and untar, then move IDS/ into the following directory..."

First of all, that link to PHPIDS is broken. Second, there are already some files in the './phpids/' directory. I am assuming PHPIDS came installed.

Finally, I tried to download and install PHPIDS but found out that the naming convention used in the instructions does not match the downloaded package. The instructions direct the user to copy 'IDS/' into the './phpids/' directory. But the downloaded package for PHPIDS does not have a 'IDS/' directory.

Can someone please help me get this project running?

Thank you

jensvoid commented 9 years ago

The install guide is misleading as a customized ./phpids installation already exists if you do a git clone or download the whole project as zip file.

If you follow this simplified install guide:

# sudo apt-get install php5-cli
$ git clone https://github.com/jensvoid/lorg.git

...without downloading PHPIDS yourself. Do you still get the "Class 'IDS_Monitor' not found" error message?

BilalMalik26 commented 9 years ago

Yes, I still get the error “IDS_Monitor” not found even without downloading the PHPIDS myself. I am using the customized IDS installation that came already.


BilalMalik26 commented 9 years ago

Here's the exact syntax and the error message:

sansforensics@siftworkstation:~/Desktop/lorg-master$ ./lorg -d phpids -b all -u -g localhost_access_log.2014-11-17.txt output

[#] No input file format given - guessing 'common'
[#] No output file format given - using 'html'
[#] No threshold given - using default value '10'
[#] No client identifier given - using 'host'
[#] DNSBL lookup enabled - this might be a significant slowdown
[#] Non-binary urlencoded requests will be decoded
[>] Counting number of lines of 'localhost_access_log.2014-11-17.txt'
[>] Processing 4082572 lines of input file 'localhost_access_log.2014-11-17.txt' [4%]
PHP Fatal error: Class 'IDS_Monitor' not found in /home/sansforensics/Desktop/lorg-master/lorg on line 2037
sansforensics@siftworkstation:~/Desktop/lorg-master$

BilalMalik26 commented 9 years ago

[Screenshots: lorg-master folder, phpids folder]

I am also attaching some screenshots of the directory structure to help you better understand the situation. Perhaps, one of these files needs to be renamed to "IDS_Monitor"?

I really appreciate your help and I would love to get this working.

Thank you

jensvoid commented 9 years ago

IDS_Monitor is the name of the class in phpids/Monitor.php, required by PHPIDS.

Monitor.php should be correctly included by Init.php, which is marked for inclusion in line 484:

$phpids_requires = array('Init.php', 'Event.php', 'Filter.php', 'Report.php', 'Converter.php');

Are you maybe working on a file system that does not allow symlinks? Check if there is a symlink IDS -> . in the phpids/ directory, if not create one:

$ cd phpids/
$ ln -s . IDS

If the file system does not allow linking (which should have been done at git clone level), try this:

$ cd phpids/
$ mkdir IDS
$ mv Monitor.php Filter Caching IDS/

Hope this helps.
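The check and the two repairs jensvoid describes, scripted. This is an added example, not code from the lorg project or from either commenter. It assumes the layout described in the thread: a phpids/ directory holding Monitor.php, Init.php, Filter/ and Caching/, with Init.php pulling in Monitor.php as IDS/Monitor.php through PHP's include path, which is what the IDS -> . symlink advice implies. The function names (ensure_ids_link, check_class) are the example's own.

```shell
#!/bin/sh
# Added example: verify or repair the phpids/IDS symlink that lets
# PHPIDS resolve "IDS/Monitor.php", so that class IDS_Monitor loads.
# Not part of lorg; assumes the directory layout described in the issue.

# ensure_ids_link DIR
# Returns 0 when DIR/IDS/Monitor.php resolves after the check, 1 otherwise.
# Mirrors the two fixes from the thread: prefer the symlink IDS -> .; if the
# file system refuses symlinks, fall back to a real IDS/ directory holding
# Monitor.php, Filter/ and Caching/.
ensure_ids_link() {
    dir=$1
    [ -f "$dir/Monitor.php" ] || { echo "no Monitor.php in $dir" >&2; return 1; }

    if [ -L "$dir/IDS" ]; then
        # A symlink exists (possibly dangling); it must point back at '.'.
        target=$(readlink "$dir/IDS")
        if [ "$target" != "." ]; then
            echo "$dir/IDS points at '$target', expected '.'" >&2
            return 1
        fi
    elif [ -d "$dir/IDS" ]; then
        : # a real IDS/ directory is already in place (no-symlink fallback)
    elif [ -e "$dir/IDS" ]; then
        echo "$dir/IDS exists but is neither a symlink nor a directory" >&2
        return 1
    elif ln -s . "$dir/IDS" 2>/dev/null; then
        echo "created symlink $dir/IDS -> ."
    else
        # Symlink refused (e.g. some FAT or SMB mounts): materialise IDS/ instead.
        echo "symlinks unsupported in $dir, creating a real IDS/ directory"
        mkdir "$dir/IDS" || return 1
        for item in Monitor.php Filter Caching; do
            if [ -e "$dir/$item" ]; then
                mv "$dir/$item" "$dir/IDS/" || return 1
            fi
        done
    fi

    # This is the path PHP ends up opening for require_once 'IDS/Monitor.php'.
    [ -f "$dir/IDS/Monitor.php" ]
}

# check_class DIR
# Asks PHP itself whether IDS_Monitor is defined after loading DIR/Init.php
# with DIR on the include path. Skipped (returns 0) when php is not installed.
check_class() {
    command -v php >/dev/null 2>&1 || { echo "php not installed, skipping class check"; return 0; }
    php -r 'set_include_path($argv[1] . PATH_SEPARATOR . get_include_path());
            require $argv[1] . "/Init.php";
            exit(class_exists("IDS_Monitor") ? 0 : 1);' "$1"
}

# Usage, from the lorg checkout:
#   ensure_ids_link ./phpids && check_class ./phpids && echo "IDS_Monitor loads"
```

Note that IDS -> . is a self-referential link, so phpids/IDS/IDS/IDS/... all resolve; explicit includes are unaffected, but tools that follow symlinks recursively (find -L, some archivers) will loop on it.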