Snort mailing list archives
RE: Linux Newb:No Alert Logging
From: "Shaun Gray" <SGray () medford k12 nj us>
Date: Thu, 3 Jun 2004 12:59:24 -0400
are you on a switch?
Yes, 3com 4400 with port monitoring configured on the Snort port

what are you scanning with?
I'm using the HFNETcheck Pro software

is there anything in /var/log/snort/alert?
A file called Alert that has nothing in it when I open it. I had this working before and I received approximately 100 alerts an hour without scanning myself. One day things just stopped working appropriately. I will change the SPAN port and see if it helps.

download http://www.cerberus-infosec.co.uk/CIS-5.0.02.zip and run a scan on the IP of the snort box. It will send a lot of alerts to you.

If you are on a switch then you will only see traffic headed for that port so you will have to set a span (monitor) port or scan that port.

-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper () phns com]
Sent: Thursday, June 03, 2004 12:46 PM
To: Shaun Gray; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Linux Newb:No Alert Logging

are you on a switch?

what are you scanning with?

is there anything in /var/log/snort/alert?

download http://www.cerberus-infosec.co.uk/CIS-5.0.02.zip and run a scan on the IP of the snort box. It will send a lot of alerts to you.

If you are on a switch then you will only see traffic headed for that port so you will have to set a span (monitor) port or scan that port.

_____

From: Shaun Gray [mailto:SGray () medford k12 nj us]
Sent: Thursday, June 03, 2004 8:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Linux Newb:No Alert Logging

Hi Guys,

No matter what I do snort seems to not alert to the MySQL DB or the alert log location. The output of "snort -c /etc/snort/snort.conf" is attached. I am using version 2.1.3 now as I thought an upgrade may have done the trick. I can't figure this one out at all. I scan the server to produce alerts and still do not get any. I have also attached a "snort -v" output file. Maybe I should use a M$ platform.

Thanks,
Lost in need of help