Re: Help me please :(

[James Hoagland <hoagland () SiliconDefense com>]

At 11:35 AM +0530 2/13/02, Santosh M Hulkund wrote:
>  Hi Gurus,
>
>         I need u r help, if u can spare few minutes to read this mail. I am
> just a beginner, I installed Snort Version 1.8.4-beta1 (Build 91) on one of
> my Linux box. For testing I changed the telnet.rules as
>
>         alert tcp any any  -> 10.10.XXX.XXX 23
>
> With no rule options, here 10.10.XXX.XXX is my Linux box. I ran snort. After
> this I tried to telnet on this Linux box, so that it would generate alert. I
> checked the alert file in /var/log/snort, there was some data present.
>
> Then I ran snortsnarf.pl -d /home/santosh/www -ldir /var/log/snort, so that
> it would generate a html page. The output was
>
> 0 alerts found using input module SnortFileInput, with sources:
> /var/log/snort.alert
>
> What could be the reason, If the question is very silly pardon me.

Note the discrepancy between the file your alerts are stored in 
(/var/log/snort) and the file SnortFileInput tried to get your alerts 
from (/var/log/snort.alert).  Since you did not specify an input file 
on the command line, SnortSnarf tried its default.  Add 
'/var/log/snort' to the end of your snortsnarf.pl command line.

Inspired by this message, the next version of SnortSnarf will have 
better warning when input files do not exist.

Regards,

  Jim

--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users