[prads-users] How do I submit that prads is labeling OS's wrong?

Andy Berryman aberryman at Cymtec.com
Thu May 20 17:57:44 CEST 2010


I have attached the logs. I can provide more if needed. Seems every single one is wrong. 


Thanks,
Andy 

-----Original Message-----
From: Edward Bjarte Fjellskål [mailto:edward.fjellskal at redpill-linpro.com] 
Sent: Thursday, May 20, 2010 1:46 AM
To: Andy Berryman
Cc: prads-users at projects.linpro.no
Subject: Re: [prads-users] How do I submit that prads is labeling OS's wrong?

Andy Berryman wrote:
> I let prads run for the last 18 hours and just created my xml file with
> prads2snort.pl. I'm looking through the xml file now and every Windows
> box is labeled as running "XP" under <VERSION> no matter if it's Windows
> Server 2003, Vista, or Windows 7. They all show as XP.
>  
> What do you need from me to submit to fix this?
> 

Hi Andy,

Can you extract from prads-asset.log 3 examples?
One for each Windows version?

Like for a Vista machine with IP x.x.x.x:
grep "x.x.x.x" /var/log/prads-asset.log > /tmp/vista.log

and the same for WS2003 and W7 etc?

You may obfuscate the real IPs :)

Attach the vista.log, ws2k3.log and w7.log here.

Regards,
Edward

> 
> Thanks,
> 
> Andy Berryman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: xpsp3.log
Type: application/octet-stream
Size: 1077 bytes
Desc: xpsp3.log
Url : http://projects.linpro.no/pipermail/prads-users/attachments/20100520/54be4772/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ws2k3-64bit-standard.log
Type: application/octet-stream
Size: 363 bytes
Desc: ws2k3-64bit-standard.log
Url : http://projects.linpro.no/pipermail/prads-users/attachments/20100520/54be4772/attachment-0001.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ws2k3-32bit-enterprise.log
Type: application/octet-stream
Size: 979 bytes
Desc: ws2k3-32bit-enterprise.log
Url : http://projects.linpro.no/pipermail/prads-users/attachments/20100520/54be4772/attachment-0002.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows7-64bit-ultimate.log
Type: application/octet-stream
Size: 1306 bytes
Desc: windows7-64bit-ultimate.log
Url : http://projects.linpro.no/pipermail/prads-users/attachments/20100520/54be4772/attachment-0003.obj 