Snort mailing list archives
Re: Several Questions About Snort Operation
From: "jon baer" <security () jonbaer net>
Date: Fri, 19 Sep 2003 08:38:30 -0400
could really be anything affecting your problem but ... according to your conf you are only logging "log" directives and not alerts (line 40), add this:

output database: alert, mysql, user=root password= dbname=snort_db host=localhost

also in case there are any arp/dhcp/ip problems for testing try to change var HOME_NET to "any".

- jon

----- Original Message -----
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
To: "'jon baer'" <security () jonbaer net>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, September 19, 2003 9:00 AM
Subject: RE: [Snort-users] Several Questions About Snort Operation

Hi Jon,

I ran a check of the snort.conf file and everything appears to be in order. Just in case I missed something, I've included it as an attachment in this e-mail for your perusal. As far as eth0 running in promiscuous mode, the syntax you mentioned in your e-mail had been entered into the rc.local file. I checked the /var/log/messages file, and confirmed that eth0 was running in promiscuous mode. Thanks again for the help.

-----Original Message-----
From: jon baer [mailto:security () jonbaer net]
Sent: Thursday, September 18, 2003 4:14 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Several Questions About Snort Operation

what does your snort.conf file look like? @ along the bottom somewhere u should have the output processor set to log to mysql (output database: alert,mysql, [credentials])

also make sure that interface eth0 is put into promiscuous mode (ifconfig eth0 promisc)

- jon

----- Original Message -----
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
To: <snort-users () lists sourceforge net>
Sent: Thursday, September 18, 2003 4:39 PM
Subject: [Snort-users] Several Questions About Snort Operation

Hi there,

I got Snort installed onto my system and when I run the binary from the shell prompt it appears that Snort is running. The syntax that I used is:

./snort -A full -i eth0 -c /etc/snort/snort.conf -v

There are some things that I am not sure about:

1. I have the ACID program up and running but I am not getting information to display on the screen.
2. When I checked the snort_db database under MySQL there was no data. This probably explains the situation on item 1.
3. What, if anything, do I need to load on remote machines in order for the Snort server to be able to check things out on them?

Essentially it appears Snort does run on my system, but there is no data being generated within the database and consequently nothing is appearing on the ACID console.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

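A way to check a snort.conf for the condition jon points at in the thread (a database output bound to "log" with no "alert" counterpart), written as an added example that is not part of the original messages. The sample configuration is constructed, not the poster's attachment, and the function name audit_snort_conf is hypothetical; it assumes the Snort 2.x "output database: <facility>, <dbtype>, <params>" syntax quoted above.

```python
import re

# Constructed sample (not the poster's attachment): only the "log" facility
# is bound to the database output; the "alert" line is commented out.
SAMPLE_CONF = """\
var HOME_NET 10.1.1.0/24
# output database: alert, mysql, user=snort dbname=snort_db host=localhost
output database: log, mysql, user=snort dbname=snort_db host=localhost
include $RULE_PATH/local.rules
"""

OUTPUT_RE = re.compile(r"^output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")
HOME_NET_RE = re.compile(r"^var\s+HOME_NET\s+(\S+)")


def audit_snort_conf(text):
    """Return (database_outputs, home_net, findings) for Snort 2.x config text."""
    outputs, home_net, findings = [], None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        m = OUTPUT_RE.match(line)
        if m:
            facility, dbtype, params = m.groups()
            # key=value parameters; an empty value such as "password=" is kept
            opts = dict(p.split("=", 1) for p in params.split() if "=" in p)
            outputs.append({"line": lineno, "facility": facility.lower(),
                            "dbtype": dbtype.lower(), "opts": opts})
            if opts.get("user") == "root":
                findings.append(f"line {lineno}: database user is root; "
                                "use a dedicated least-privilege account")
        elif HOME_NET_RE.match(line):
            home_net = HOME_NET_RE.match(line).group(1)
    if not any(o["facility"] == "alert" for o in outputs):
        findings.append("no 'output database: alert' directive configured")
    return outputs, home_net, findings


if __name__ == "__main__":
    outputs, home_net, findings = audit_snort_conf(SAMPLE_CONF)
    print("HOME_NET:", home_net)
    for o in outputs:
        print(f"line {o['line']}: {o['facility']} -> {o['dbtype']}")
    for f in findings:
        print("finding:", f)
```
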
Current thread:
- Several Questions About Snort Operation Kaplan, Andrew H. (Sep 18)
- Re: Several Questions About Snort Operation jon baer (Sep 18)
- <Possible follow-ups>
- FW: Several Questions About Snort Operation Kaplan, Andrew H. (Sep 19)
- RE: Several Questions About Snort Operation Kaplan, Andrew H. (Sep 19)
- Re: Several Questions About Snort Operation jon baer (Sep 19)
- FW: Several Questions About Snort Operation Kaplan, Andrew H. (Sep 19)