Bug 121416 - net-analyzer/mwcollect-3.0.3 logging to file does not work
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: No maintainer - Look at if you want to take care of it
Reported: 2006-02-03 04:18 UTC by Stefan Behte (RETIRED)
Modified: 2007-07-24 20:36 UTC

Description Stefan Behte (RETIRED) gentoo-dev Security 2006-02-03 04:18:03 UTC
I wanted to run mwcollect, emerged-3.0.3 and edited /etc/conf.d/mwcollectd:
OPTIONS="-l /var/log/mwcollect.log -L3"
Then I wanted to start:

/etc/init.d/mwcollectd start
 * Starting mwcollectd ...
mwcollect v3.0.3-threestone
$Id: mwcollect.cpp 287 2006-01-19 13:24:50Z oxff $

/usr/sbin/mwcollectd [--version | --help | [--console-log [=tagpattern]] [--daemon]
        [--pid-file=/var/run/] [--user=nobody] [--capabilities]
        [--chroot=/opt/mwcollect/chroot] [--config=/etc/mwcollectd.conf]
        [--load-url=<url2test>] [--parse-shellcode=<file-with-shellcode>]

See the man page for detailed parameter description.                                 

In the man page -l or -L do not exist. Should be fixed.
The logging file is specified in conf/log-file.conf.

Another bug:
No logging directories are created ($LOGDIR/data/binaries, $LOGDIR/data/shellcodes)

I'd suggest this for a "standard" Gentoo ebuild:
- create /var/log/mwcollectd
- create /var/log/mwcollectd/data/binaries
- create /var/log/mwcollectd/data/shellcodes
- disable irc by default
- edit conf/log-file.conf, change logfile /var/log/mwcollectd/mwcollectd.log
- einfo to tell the user he has to edit "submit-gotek.conf", where to get that key, etc.
- no manual config should be needed

It would be fine if it ran out of the box (besides a key needing to be added manually), logged everything to /var/log/mwcollectd and submitted malware/shellcode to the alliance-server.
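
The directory layout requested above, as an added shell example that is not part of the original report or of the Gentoo ebuild: it creates the log tree and checks it before the daemon is started. The modes (0750/0700, chosen because data/binaries holds captured malware samples), the function names and the optional root-prefix argument are assumptions.

```shell
#!/bin/sh
# Added example (not the ebuild's code). Paths come from the bug report;
# the permission modes and function names are assumptions.

# Create the log tree under an optional root prefix (empty = live system).
setup_mwcollect_logdirs() {
    root="${1:-}"
    logdir="$root/var/log/mwcollectd"
    # Restrictive umask so the directories are never world-accessible,
    # not even between mkdir and chmod.
    (
        umask 077
        mkdir -p "$logdir/data/binaries" "$logdir/data/shellcodes"
    ) || return 1
    chmod 0750 "$logdir" || return 1
    chmod 0700 "$logdir/data" "$logdir/data/binaries" \
               "$logdir/data/shellcodes" || return 1
    # On a real install the tree must also be owned by the account the
    # daemon drops to (the usage text above shows --user=nobody).
}

# Preflight check: returns 0 only if every directory exists and none
# grants any permission to "other".
check_mwcollect_logdirs() {
    root="${1:-}"
    logdir="$root/var/log/mwcollectd"
    rc=0
    for d in "$logdir" "$logdir/data/binaries" "$logdir/data/shellcodes"; do
        if [ ! -d "$d" ]; then
            echo "missing: $d" >&2
            rc=1
            continue
        fi
        # Characters 8-10 of the ls mode string are the "other" bits.
        perms=$(ls -ld "$d" | cut -c8-10)
        if [ "$perms" != "---" ]; then
            echo "world-accessible ($perms): $d" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: setup_mwcollect_logdirs && check_mwcollect_logdirs
```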

Comment 1 Markus Ullmann (RETIRED) gentoo-dev 2007-07-24 20:36:22 UTC
Please try with 3.0.4, reopen if still b0rked