We dump a lot of information into the blackd.log file.
Most problems can be solved simply by looking in this file.
When the program exits and restarts, it saves the previous version
of blackd.log in a file called blackd-old.log. If you are debugging
a problem that happened in the past, please send us a copy of that file.
Location
The files are located in the installation directory.
Typically, this is c:\Program Files\Network ICE\BlackICE
Contents
The start of the file contains a section that looks something like:
WinNT v4.0 (build 1381) Service Pack 5
IN::Mon, 11 Oct 1999 00:31:33: ICEVER Version = 1.8.6.4
IN::Mon, 11 Oct 1999 00:31:33: ICEVER Copyright = Copyright © 1999, Network ICE Corporation
This tells us the operating system version, any updates that may have
been installed, and the version of the intrusion-detection daemon (which may be slightly
different from the version of the product).
------------ blackice.ini -------------
startup.crashdelay = true
adapter.isPromiscuous = false
adapter.isLocal = false
....
Further down in the file, the current configuration as read from
the configuration file "blackice.ini" is printed out. If there is a conflict or misspelling
in the configuration file, this will tell us how the program has interpreted the
configuration. You'll notice a huge number of possible parameters. These are
the default settings used for all the parameters that aren't specified in
"blackice.ini". Most of them are settings that control the intrusion detection
signatures.
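
One way to use the header and the configuration dump described above: this is an added example, not Network ICE code. It pulls the OS line, the daemon version and the dumped settings out of blackd.log, then compares them with the settings an administrator meant to apply. The function names, the rule that the dump ends at the first line that is not "key = value", and the exact-match treatment of parameter names are assumptions.

```python
import difflib
import re

# Constructed sample built from the lines quoted on this page; a real
# blackd.log lists many more parameters in the dump.
SAMPLE_LOG = """\
WinNT v4.0 (build 1381) Service Pack 5
IN::Mon, 11 Oct 1999 00:31:33: ICEVER Version = 1.8.6.4
IN::Mon, 11 Oct 1999 00:31:33: ICEVER Copyright = Copyright © 1999, Network ICE Corporation
------------ blackice.ini -------------
startup.crashdelay = true
adapter.isPromiscuous = false
adapter.isLocal = false
"""

MARKER = re.compile(r"^-+\s*blackice\.ini\s*-+$")
ICEVER = re.compile(r"ICEVER Version = (\S+)")
SETTING = re.compile(r"^([\w.]+)\s*=\s*(.*)$")


def parse_blackd_log(text):
    """Return (os_line, daemon_version, effective_settings)."""
    lines = [ln.strip() for ln in text.splitlines()]
    os_line = next((ln for ln in lines if ln), None)  # assumed: first line
    version, settings, in_dump = None, {}, False
    for ln in lines:
        if not in_dump:
            m = ICEVER.search(ln)
            if m and version is None:
                version = m.group(1)
            in_dump = bool(MARKER.match(ln))
        elif ln:
            m = SETTING.match(ln)
            if not m:
                break  # assumed: first non "key = value" line ends the dump
            settings[m.group(1)] = m.group(2).strip()
    return os_line, version, settings


def check_intended(intended, effective):
    """List intended settings the daemon did not apply as written."""
    findings = []
    for key, want in intended.items():
        if key not in effective:
            # Likely a misspelled name: suggest the closest logged parameter.
            near = difflib.get_close_matches(key, list(effective), n=1)
            findings.append((key, "not in dump", near[0] if near else None))
        elif effective[key].lower() != str(want).lower():
            findings.append((key, "value differs", effective[key]))
    return findings
```

A "not in dump" finding points at a name the daemon does not know, and a "value differs" finding shows the value the daemon is actually running with.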