Snort mailing list archives
Re: Help me please :(
From: James Hoagland <hoagland () SiliconDefense com>
Date: Wed, 13 Feb 2002 08:19:27 -0800
At 11:35 AM +0530 2/13/02, Santosh M Hulkund wrote:
> Hi Gurus, I need your help, if you can spare a few minutes to read this mail. I am just a beginner. I installed Snort Version 1.8.4-beta1 (Build 91) on one of my Linux boxes. For testing I changed the telnet.rules as
>
> alert tcp any any -> 10.10.XXX.XXX 23
>
> with no rule options; here 10.10.XXX.XXX is my Linux box. I ran snort. After this I tried to telnet to this Linux box, so that it would generate an alert. I checked the alert file in /var/log/snort, and there was some data present. Then I ran
>
> snortsnarf.pl -d /home/santosh/www -ldir /var/log/snort
>
> so that it would generate an HTML page. The output was
>
> 0 alerts found using input module SnortFileInput, with sources: /var/log/snort.alert
>
> What could be the reason? If the question is very silly, pardon me.
Note the discrepancy between the file your alerts are stored in (/var/log/snort) and the file SnortFileInput tried to get your alerts from (/var/log/snort.alert). Since you did not specify an input file on the command line, SnortSnarf tried its default. Add '/var/log/snort' to the end of your snortsnarf.pl command line.
Inspired by this message, the next version of SnortSnarf will have a better warning when input files do not exist.
Regards,
Jim
--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
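A pre-flight check for the path mismatch discussed in this thread, as an added example that is not part of the original messages or of SnortSnarf. The helper name check_alert_input, the assumption that a log directory keeps its alerts in a file named "alert", and the sample alert lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example: check_alert_input is a hypothetical helper, not part of SnortSnarf.
# It prints one status line and returns 0 only when the path holds alerts.
check_alert_input() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing $path"; return 1
    fi
    # Assumption: a log directory keeps its alerts in a file named "alert".
    if [ -d "$path" ]; then
        path=$path/alert
        if [ ! -f "$path" ]; then
            echo "no-alert-file $path"; return 1
        fi
    fi
    if [ ! -r "$path" ]; then
        echo "unreadable $path"; return 1
    fi
    if [ ! -s "$path" ]; then
        echo "empty $path"; return 1
    fi
    # Snort's fast and full alert formats carry a "[**]" marker on the
    # first line of each alert, so counting those lines counts alerts.
    count=$(grep -c -F '[**]' "$path" || true)
    if [ "$count" -eq 0 ]; then
        echo "no-alerts $path"; return 1
    fi
    echo "ok $count $path"
}

# Constructed sample data: a log directory with two fast-style alert lines.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/snort"
cat > "$demo_dir/snort/alert" <<'EOF'
02/13-08:19:27.000000 [**] [1:0:0] constructed telnet test [**] {TCP} 10.10.0.5:1025 -> 10.10.0.9:23
02/13-08:19:31.000000 [**] [1:0:0] constructed telnet test [**] {TCP} 10.10.0.5:1026 -> 10.10.0.9:23
EOF

check_alert_input "$demo_dir/snort.alert" || true   # default-style path that does not exist
check_alert_input "$demo_dir/snort" || true         # the directory Snort logged to
check_alert_input "$demo_dir/snort/alert" || true   # the alert file itself
```

Running a check like this before the report generator separates "the sensor logged nothing" from "the report tool read the wrong path", which the "0 alerts found" message alone does not.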