RE: [Snort-users] Snort isn't doing anything.. (Snort forums, System Security and Security Related category)
Is it a true hub? Some hubs are really switches. The archives have a lot about this issue. What make and model?

-----Original Message-----
From: Marc Hering [mailto:mhering@reval.com]
Sent: Wednesday, March 02, 2005 4:09 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort isn't doing anything..

Hey Everyone...

I just set up my first snort box running on Fedora Core 3. I installed everything, including ACID, and started snort up... It starts up just fine, and a ps auxww | grep snort shows that the app is running..

502 3740 0.7 14.5 41444 37196 ? Ss 16:56 0:01 /usr/local/bin/snort -c /usr/local/snort/etc/snort.conf -i eth1 -g snortgroup -D -u snortuser

However, if I run an nmap scan (doesn't matter what options) on any host on my network (Snort can see it, it's on a hub), it doesn't log anything. So far it's only logged 1 alert for a SQL scan.. I have tried updating the rules to no avail...

My snort.conf is the default out-of-the-box setup; the only things I have changed are as follows:

*********************** Changed items in snort.conf ********************************
var RULE_PATH /usr/local/snort/rules

output database: log, mysql, user=thepropersnortuser password=snortuserspassword dbname=thesnortdatabase host=localhost
(Names have been changed to protect the innocent :) )

output alert_syslog: LOG_LOCAL3
output alert_fast: snort.log
output alert_full: alert.full
************************************************************

From what I can understand... this SHOULD work. Is there something I have missed????

Thanks

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
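Added example (not part of either post above, and not Snort or nmap code): a quick way to settle the "hub or switch?" question the reply raises before touching snort.conf. Snort on eth1 can only alert on an nmap scan between two other hosts if the sensor's NIC actually receives unicast frames that are addressed to neither itself nor broadcast/multicast. The script below parses the link-layer header lines that `tcpdump -e -n` prints on Ethernet and counts frames by destination MAC; if any "foreign unicast" frames show up, the segment is shared (a real hub, or a SPAN/mirror port), otherwise the sensor is sitting on a switch and sees only its own traffic plus ARP and multicast. The sensor MAC, the interface name eth1 from the ps output, and the sample capture lines are all constructed for this example.

```python
"""Classify tcpdump -e -n output to tell a shared segment (hub/SPAN) from a switch port."""
import re
import subprocess

# Constructed sensor MAC for eth1 (assumption; read yours from `ip link show eth1`).
SENSOR_MAC = "00:0c:29:de:ad:01"
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Link-layer header as printed by `tcpdump -e -n` on Ethernet:
#   <timestamp> <src_mac> > <dst_mac>, ethertype ... length N: ...
FRAME_RE = re.compile(
    r"^\S+\s+(?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+>\s+"
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),",
    re.IGNORECASE,
)

# Constructed sample: what a sensor on a *switch* port typically sees.
# Only frames to itself, ARP broadcasts and multicast; the last line is a
# tcpdump banner someone merged in with 2>&1 and must be tolerated.
SWITCHED_SAMPLE = [
    "16:56:01.100000 00:0c:29:aa:bb:01 > 00:0c:29:de:ad:01, ethertype IPv4 (0x0800), length 74: 192.168.1.10.40001 > 192.168.1.5.22: Flags [S], seq 1, win 64240, length 0",
    "16:56:01.200000 00:0c:29:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.20 tell 192.168.1.10, length 28",
    "16:56:01.300000 00:0c:29:aa:bb:01 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 192.168.1.10.5353 > 224.0.0.251.5353: UDP, length 45",
    "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode",
]

# Constructed sample: same segment but on a *hub* (or SPAN port), so an nmap SYN
# from .10 to .20 and the RST coming back are visible even though neither MAC is ours.
HUB_SAMPLE = SWITCHED_SAMPLE + [
    "16:56:02.100000 00:0c:29:aa:bb:01 > 00:0c:29:aa:bb:02, ethertype IPv4 (0x0800), length 58: 192.168.1.10.50000 > 192.168.1.20.80: Flags [S], seq 0, win 1024, length 0",
    "16:56:02.100500 00:0c:29:aa:bb:02 > 00:0c:29:aa:bb:01, ethertype IPv4 (0x0800), length 58: 192.168.1.20.80 > 192.168.1.10.50000: Flags [R.], seq 0, ack 1, win 0, length 0",
]


def classify_dst(dst_mac, local_mac):
    """Bucket a destination MAC: local, broadcast, multicast or foreign-unicast."""
    dst = dst_mac.lower()
    if dst == local_mac.lower():
        return "local"
    if dst == BROADCAST:
        return "broadcast"
    # Group (multicast) addresses have the I/G bit, bit 0 of the first octet, set.
    if int(dst[:2], 16) & 1:
        return "multicast"
    return "foreign-unicast"


def summarize(lines, local_mac):
    """Count frames per destination class; lines that are not frame headers are 'unparsed'."""
    counts = {"local": 0, "broadcast": 0, "multicast": 0, "foreign-unicast": 0, "unparsed": 0}
    for line in lines:
        m = FRAME_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        counts[classify_dst(m.group("dst"), local_mac)] += 1
    return counts


def verdict(counts):
    """'shared' = hub/SPAN (Snort can see other hosts' scans), 'switched' = it cannot."""
    if counts["foreign-unicast"] > 0:
        return "shared"
    if counts["local"] + counts["broadcast"] + counts["multicast"] == 0:
        return "no-traffic"
    return "switched"


def capture(interface="eth1", count=200, timeout=30):
    """Live variant: grab `count` frames in promiscuous mode (needs root)."""
    cmd = ["tcpdump", "-e", "-n", "-l", "-i", interface, "-c", str(count)]
    proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    return proc.stdout.splitlines()


if __name__ == "__main__":
    for name, sample in (("switched sample", SWITCHED_SAMPLE), ("hub sample", HUB_SAMPLE)):
        c = summarize(sample, SENSOR_MAC)
        print(f"{name}: {c} -> {verdict(c)}")
    # To test a real interface:  print(verdict(summarize(capture("eth1"), SENSOR_MAC)))
```

Run it while launching the nmap scan from a third host, not from the Snort box itself: traffic the sensor originates or receives is always visible and proves nothing about the segment. A "switched" verdict while the scan is running means no Snort rule tuning will help until the sensor is moved to a real hub, a mirror port or a tap.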