Snort mailing list archives
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf
From: Jun Wan <junwei_wan () hotmail com>
Date: Wed, 1 Dec 2010 03:55:44 +0000
Hi Joel,

It makes no difference by removing "-A console". I did the following and I got SR with "No data":

    sudo /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0

ps: eth1 should be eth0 in previous email.

Does anyone have any idea/direction? It would be highly appreciated.

Thanks
Regards
John

Date: Tue, 30 Nov 2010 19:21:54 -0500
From: joel.esler () me com
To: snortreport-users () googlegroups com
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] issues with Snort report 1.3&VRT rules&ET rules&threshold.conf

Is it because with the #2 line, your output is to console? "-A console", remember command line overrides the snort.conf output lines.

J

On Tue, Nov 30, 2010 at 7:02 PM, Jun Wan <junwei_wan () hotmail com> wrote:

Hi,

BASE is not maintained, as well as its lack of docs, so I choose Snort Report (SR). I have got lots of help from David Gullett, David has done a wonderful job, thanks David.

Two issues on Snort 2.8.6.0 with SR 1.3 are very strange, I thought you guys may be interested to know, please see the following:

1.) If I do the following commands:

    sudo /usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0
    sudo /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo

The results: the activated rules on emerging.conf and settings on threshold.conf are not working, but the SR is working, snort is running with VRT rules only (not running ET rules & threshold.conf).

2.) Or if I do the following command:

    sudo /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1 -A console

The results: the activated rules on emerging.conf and settings on threshold.conf are working, but the SR is not working (no data), and snort is running with VRT rules and ET rules and threshold.conf.

Same issues happen to Snort 2.9.0 with SR 1.3. I would like to solve these issues before I put Snort 2.8.6 & 2.9.0 with SR 1.3 into our live network.

Any information/idea/direction would be highly appreciated.

Regards
John

--
Joel Esler
http://blog.joelesler.net

------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users