Snort mailing list archives
RE: Snort isn't doing anything..
From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Wed, 2 Mar 2005 17:11:45 -0600
Is it a true hub? Some hubs are really switches. The archives have a lot about this issue. What make and model?

-----Original Message-----
From: Marc Hering [mailto:mhering () reval com]
Sent: Wednesday, March 02, 2005 4:09 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort isn't doing anything..

Hey Everyone...

I just set up my first snort box running on Fedora Core 3. I installed everything, including ACID, and started snort up... It starts up just fine and a ps auxww |grep snort shows that the app is running..

    502 3740 0.7 14.5 41444 37196 ? Ss 16:56 0:01 /usr/local/bin/snort -c /usr/local/snort/etc/snort.conf -i eth1 -g snortgroup -D -u snortuser

However, if I run an nmap scan (doesn't matter what options) on any host on my network (Snort can see it, it's on a hub) it doesn't log anything. So far it's only logged 1 alert for a SQL scan.. I have tried updating the rules to no avail...

My snort.conf is the default out of the box setup, the only things I have changed are as follows:

***********************Changed items in snort.conf********************************
var RULE_PATH /usr/local/snort/rules
output database: log, mysql, user=thepropersnortuser password=snortuserspassword dbname=thesnortdatabase host=localhost
(Names have been changed to protect the innocent :) )
output alert_syslog: LOG_LOCAL3
output alert_fast: snort.log
output alert_full: alert.full
************************************************

From what I can understand.... this SHOULD work, is there something I have missed????

Thanks
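The hub-versus-switch question raised in the reply can be checked from the sensor itself; the following is an added example, not part of the original thread or of Snort. It reads `tcpdump -e -n` output and counts unicast frames exchanged between other hosts, which a sensor on a true hub sees and a sensor on an unmirrored switch port does not. The function names, the sensor MAC and the sample capture lines are constructed for illustration.

```python
import re
import sys

# Link-level header as printed by `tcpdump -e -n`: <time> <src MAC> > <dst MAC>, ...
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
FRAME = re.compile(r"^\S+ " + MAC + r" > " + MAC + r",", re.I)

# Constructed sample captures (not from the thread); sensor NIC assumed 00:0c:29:aa:bb:01.
SENSOR = "00:0c:29:aa:bb:01"
SWITCHED = """\
16:56:01.000001 00:0c:29:aa:bb:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.20, length 46
16:56:01.200000 00:0c:29:aa:bb:03 > 00:0c:29:aa:bb:01, ethertype IPv4 (0x0800), length 74: 192.168.1.30.40000 > 192.168.1.10.22: Flags [S], length 0
16:56:02.000000 00:0c:29:aa:bb:02 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 192.168.1.20.5353 > 224.0.0.251.5353: UDP, length 45
""".splitlines()
HUB = SWITCHED + [
    "16:56:03.000000 00:0c:29:aa:bb:03 > 00:0c:29:aa:bb:02, ethertype IPv4 (0x0800), length 74: 192.168.1.30.40001 > 192.168.1.20.80: Flags [S], length 0",
]

def classify(lines, sensor_mac):
    """Count frames involving the sensor, group-addressed frames, and foreign unicast."""
    sensor = sensor_mac.lower()
    counts = {"own": 0, "group": 0, "foreign_unicast": 0}
    for line in lines:
        m = FRAME.match(line)
        if not m:
            continue  # not a frame line (tcpdump banner, wrapped output, ...)
        src, dst = m.group(1).lower(), m.group(2).lower()
        if sensor in (src, dst):
            counts["own"] += 1
        elif int(dst[:2], 16) & 1:
            # Low bit of the first octet set: broadcast or multicast, seen on any port.
            counts["group"] += 1
        else:
            counts["foreign_unicast"] += 1
    return counts

def verdict(counts):
    # A switch can flood a few unknown-unicast frames, so treat a small
    # foreign_unicast count as a hint and look for a sustained stream.
    if counts["foreign_unicast"] > 0:
        return "shared"      # other hosts' conversations are visible
    if counts["own"] + counts["group"] > 0:
        return "switched"    # only own and broadcast/multicast traffic arrives
    return "no-traffic"

if __name__ == "__main__":
    # Live use: tcpdump -e -n -i eth1 -c 500 | python3 thisfile.py <sensor MAC>
    lines, mac = (sys.stdin, sys.argv[1]) if len(sys.argv) > 1 else (HUB, SENSOR)
    result = classify(lines, mac)
    print(result, verdict(result))
```

A "switched" verdict while other hosts are actively talking to each other means the sensor needs a mirror (SPAN) port or a tap before Snort can alert on scans aimed at those hosts.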
Current thread:
- Snort isn't doing anything.. Marc Hering (Mar 02)
- <Possible follow-ups>
- RE: Snort isn't doing anything.. Harper, Patrick (Mar 02)