leonward / snoge

Automatically exported from code.google.com/p/snoge

server.kml file is not updating with IPS events. #5

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I have installed snort and snoge on to a clean debian build with no problems.
The IPS events are pushed into the snogle.kml file no problem so can be manually loaded into Google Earth.
The issue I have is that the server.kml file I want to use to auto-refresh the ips data is not receiving any events at all.
I have checked file permissions and apache log files but am now a bit stuck; if anyone can offer some advice what to check next or if you have seen this issue before, any pointers would be much appreciated.
mode=unified
kmlfile=/var/www/snoge/snoge.kml (this works fine)
updateurl=http://localhost/snoge/server.kml (this does not work)
Thanks
H

Original issue reported on code.google.com by hestcour...@googlemail.com on 10 May 2010 at 11:05

GoogleCodeExporter commented 9 years ago
Email me your server.kml file, and I'll check it's valid.

Original comment by leon.j.w...@gmail.com on 10 May 2010 at 11:36

GoogleCodeExporter commented 9 years ago
I think I just found the problem; I had not changed the server.kml file to point to the snoge.kml file. (I incorrectly assumed that this server.kml file would be fed by the same process which populates the snoge.kml file.) This is now working.

One other quick question if you have time; I attended the infosec conference last week and saw snoge running on the sourcefire stand. The system that was running was zooming in on source addresses to near street level and displaying the attack details; was this achieved by configuring some kind of tour option within Google Earth?
Brgds
Howard

Original comment by hestcour...@googlemail.com on 10 May 2010 at 12:37
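The fix described in the comment above can be checked before loading the file in Google Earth. The following is an added example, not code from this thread or from the snoge project: it assumes server.kml is a standard KML NetworkLink file, and the sample file contents, the placeholder URL and the function name `check_server_kml` are constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a server.kml whose NetworkLink was never edited.
STALE = """<?xml version="1.0" encoding="UTF-8"?>
<kml xmlns="http://www.opengis.net/kml/2.2">
  <NetworkLink>
    <name>snoge</name>
    <Link>
      <href>http://example.invalid/changeme.kml</href>
      <refreshMode>onInterval</refreshMode>
      <refreshInterval>10</refreshInterval>
    </Link>
  </NetworkLink>
</kml>"""
# Same file after pointing the link at the KML that snoge writes (assumed URL).
FIXED = STALE.replace("http://example.invalid/changeme.kml",
                      "http://localhost/snoge/snoge.kml")


def local(tag):
    """Strip the XML namespace so any KML schema version is accepted."""
    return tag.rsplit("}", 1)[-1]


def check_server_kml(kml_text, kmlfile):
    """Return a list of problems; an empty list means the link looks sane."""
    want = posixpath.basename(kmlfile)
    root = ET.fromstring(kml_text.encode("utf-8"))
    links = [el for el in root.iter() if local(el.tag) == "NetworkLink"]
    if not links:
        return ["no NetworkLink element: nothing tells Google Earth what to reload"]
    problems = []
    for link in links:
        # Collect child values regardless of <Link> vs. the older <Url> wrapper.
        fields = {local(el.tag): (el.text or "").strip() for el in link.iter()}
        href = fields.get("href", "")
        if posixpath.basename(urlparse(href).path) != want:
            problems.append(f"href {href!r} does not point to {want}")
        if fields.get("refreshMode") != "onInterval":
            problems.append("refreshMode is not onInterval: no timed refresh")
    return problems


if __name__ == "__main__":
    for label, text in (("stale", STALE), ("fixed", FIXED)):
        print(label, check_server_kml(text, "/var/www/snoge/snoge.kml"))
```

Run it against the real file by reading server.kml from disk and passing the `kmlfile` value from the snoge configuration.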

GoogleCodeExporter commented 9 years ago
Yeah, someone would have hit the "play" button with the first placemark 
selected.
I assume that any tour would stop when the server kml reloads new content, but 
I could be wrong.

-Leon

Original comment by leon.j.w...@gmail.com on 10 May 2010 at 1:56

GoogleCodeExporter commented 9 years ago

Original comment by leon.j.w...@gmail.com on 10 May 2010 at 1:57