Snort mailing list archives

Re: not event in snort 2.9.3


From: beenph <beenph () gmail com>
Date: Thu, 27 Sep 2012 14:45:21 -0400

On Thu, Sep 27, 2012 at 2:32 PM, troxlinux <xserverlinux () gmail com> wrote:
Hi list, I am working with snort 2.9.3. I'm doing my best to work with
Barnyard2, but for some reason snort is not generating events; unified2 is
empty, and I test by pinging the IDS server.


I just realized something since you posted some more information on
snort over here.

First, your output configuration should look something like this:

output unified2: filename merged.log, limit 128

Now what is your snort command line invocation?

Also
1- do you have some rules defined?
2- are you seeing traffic on the interface you have configured snort
to listen on?

-elz


-rw------- 1 snort snort    0 Sep 26 12:58 alert
-rw-r--r-- 1 snort snort 2056 Sep 27 10:46 barnyard.waldo
drwxr-xr-x 2 root  root  4096 Sep 27 11:23 eth0
-rw------- 1 root  root     0 Sep 26 13:54 snort.log.1348689295
-rw------- 1 root  root     0 Sep 26 13:57 snort.log.1348689456
-rw------- 1 root  root     0 Sep 26 14:02 snort.log.1348689731
-rw------- 1 root  root     0 Sep 26 14:05 snort.log.1348689931
-rw------- 1 root  root     0 Sep 26 14:14 snort.log.1348690442
-rw------- 1 root  root     0 Sep 26 14:18 snort.log.1348690708
-rw------- 1 root  root     0 Sep 26 14:42 snort.log.1348692167
-rw------- 1 root  root     0 Sep 26 14:47 snort.log.1348692448
-rw------- 1 snort snort    0 Sep 26 14:53 snort.log.1348692805
-rw------- 1 snort snort    0 Sep 26 16:31 snort.log.1348698702
-rw------- 1 snort snort    0 Sep 26 17:09 snort.log.1348700973
-rw------- 1 snort snort    0 Sep 27 08:16 snort.log.1348755389
-rw------- 1 snort snort    0 Sep 27 09:08 snort.log.1348758488
-rw------- 1 snort snort    0 Sep 27 09:22 snort.log.1348759368
-rw------- 1 root  root     0 Sep 27 09:24 snort.log.1348759472
-rw------- 1 snort snort    0 Sep 27 09:29 snort.log.1348759746
-rw------- 1 root  root     0 Sep 27 09:29 snort.log.1348759786
-rw------- 1 root  root     0 Sep 27 10:46 snort.log.1348764364
-rw------- 1 snort snort    0 Sep 27 10:53 snort.log.1348764789
-rw------- 1 snort snort    0 Sep 27 11:04 snort.log.1348765449
-rw------- 1 snort snort    0 Sep 27 11:46 snort.log.1348767998
-rw------- 1 snort snort    0 Sep 27 12:25 snort.log.1348770345

check my snort.conf

snort.conf

# unified2
# Recommended for most installs
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.log, limit 128
# Additional configuration for specific types of installs
# output alert_unified2: filename snort.alert, limit 128, nostamp
# output log_unified2: filename snort.log, limit 128, nostamp

# syslog
# output alert_syslog: LOG_AUTH LOG_ALERT

# pcap
# output log_tcpdump: tcpdump.log

# database

regards


--
rickygm

http://gnuforever.homelinux.com

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://ad.doubleclick.net/clk;258768047;13503038;j?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
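
Added example, not part of the original messages and not Snort or Barnyard2 code: a small check that walks the points raised in the reply above (is there an active `output unified2` directive, are rule files included, and do the `<filename>.<epoch>` spool files contain any data). The function names are hypothetical, and the `include $RULE_PATH/local.rules` line in the sample is an assumption, since the thread does not show the rules section of snort.conf.

```python
import re
from pathlib import Path

# Constructed sample: output lines from the snort.conf quoted in the thread,
# plus an assumed rule include (the thread does not show the rules section).
SAMPLE_CONF = """\
# output unified2: filename merged.log, limit 128, nostamp
output unified2: filename snort.log, limit 128
include $RULE_PATH/local.rules
"""

def active_lines(conf_text):
    """Config lines that are neither blank nor commented out."""
    lines = (l.strip() for l in conf_text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def unified2_filename(conf_text):
    """Base filename of the first active unified2 output directive, else None."""
    for line in active_lines(conf_text):
        m = re.match(r"output\s+(?:alert_|log_)?unified2\s*:.*?filename\s+([^,\s]+)", line)
        if m:
            return m.group(1)
    return None

def rule_includes(conf_text):
    """Paths named by active 'include <something>.rules' lines."""
    return [l.split(None, 1)[1] for l in active_lines(conf_text)
            if re.match(r"include\s+\S+\.rules$", l)]

def spool_sizes(log_dir, base):
    """{name: size} for '<base>.<epoch>' files, the names written when nostamp is not set."""
    pat = re.compile(re.escape(base) + r"\.\d+$")
    return {p.name: p.stat().st_size for p in Path(log_dir).iterdir()
            if p.is_file() and pat.match(p.name)}

def diagnose(conf_text, log_dir):
    """Findings for the checks raised in the reply, as a list of strings."""
    base = unified2_filename(conf_text)
    if base is None:
        return ["no active 'output unified2' directive in snort.conf"]
    findings = []
    if not rule_includes(conf_text):
        findings.append("no active rule includes found in snort.conf")
    sizes = spool_sizes(log_dir, base)
    if not sizes:
        findings.append(f"no {base}.<epoch> spool files in {log_dir}")
    elif not any(sizes.values()):
        findings.append(f"all {len(sizes)} {base}.<epoch> files are 0 bytes: check rules, interface and traffic")
    return findings
```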


