Re: [Snort-users] Nothing written to logfiles

06-15-2004
Paul Schmehl
 

--On Tuesday, June 15, 2004 05:14:10 PM +1000 James Sinnamon
<jaymz@bigpond.net.au> wrote:

> Dear snort developers and users,
>
> I am not getting anything written to my log files.


What happens when you run snort from the command line? Do you see alerts
scrolling across the screen like you do if you use tcpdump?
>
> I have scanned my own host from a separate Internet connection:
>
> sleepyhollow:sinnamon$nmap -p 21,22,80,443 144.136.251.208
>

What happens when you scan it with nessus?
>
> greenhouse:/etc/init.d# ps auxwww | grep snort
> snort 2030 0.9 3.6 36732 33164 ? Rs 16:57 0:00
> /usr/sbin/snort \ -m 027 -D -c /etc/snort/snort.conf -l /var/log/snort
> -d -u snort -g snort \ -O -S HOME_NET=[192.168.0.0/24] -i eth0
>

First of all, you've defined HOME_NET in your snort conf file. No need to
define it on the command line, plus the way you've done it is meaningless
and *should* be generating an error. Have you looked in the messages file
for errors when you try to start snort?

snort HOME_NET=[129.110.0.0/16]
Running in IDS mode with inferred config file: /usr/local/etc/snort.conf
Log directory = /var/log/snort

Initializing Network Interface xl0
OpenPcap() device xl0 network lookup:
xl0: no IPv4 address assigned
ERROR: OpenPcap() FSM compilation failed:
syntax error
PCAP command: HOME_NET=[129.110.0.0/16]
Fatal Error, Quitting..

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

