Snort mailing list archives
RE: Snort Problems
From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Thu, 21 Oct 2004 20:59:16 -0500
I am not sure if the Vmware is doing anything. You might want to send this to the list. I am forwarding it that way with the reply Patrick S. Harper | CISSP RHCT MCSE www.internetsecurityguru.com www.ntsug.org - Snort Users Group "If there is no light at the end of the tunnel, get down there and light the damn thing yourself!" -----Original Message----- From: Edward Sohn [mailto:edwardsohn () yahoo com] Sent: Thursday, October 21, 2004 8:19 PM To: patrick () internetsecurityguru com Subject: Snort Problems Hi Patrick, I am a Snort and Linux newbie, and I appreciate your Snort installation guide. I'm having problems, however... I have everything installed and running on Fedora Core 2 in VMWare 4.5.2 on Windows XP in bridged mode. I can see Snort working when I run it in verbose (I can see the packet captures) I have the Snort.conf file logging to MySQL and then displaying in ACID. The problem is that I cannot see any entries in MySQL, and thus, nothing is showing in ACID. I created a test.rules file and used "alert tcp any any -> any any..." and saved it in the rules folder. I then ran "snort -c test.rules" and nothing happened (this ran cleanly, BTW). You may think that there might be a problem with Snort not logging to MySQL, but one time (and one time only) I ran a "snort -c /etc/snort/snort.conf" and then ctrl-c'd a little while later. RIGHT when I did so, my ACID page logged 3 UDP packets. The signatures read "[snort] SCAN UPnP service discover attempt" on UDP 1900. There are 3 identical entries sourcing from the Host Computer (XP) IP address. Since then, however, I have never seen any more packets being logged. Can you help me, please? I would be eternally grateful. Please let me know what output I can copy and paste for you to see. Thanks, Ed ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Snort Problems Patrick S. Harper (Oct 21)