Snort mailing list archives
Windows snort in amazon aws
From: "Vinson, John" <john.vinson () ancile com>
Date: Tue, 3 Jan 2017 14:37:43 +0000
Hello,

I'm setting up a Snort instance on an Amazon AWS EC2 instance. I have a Windows install running Snort 2.9.9.0 / Barnyard2. This server is running the following Windows cmd line:

C:\IDS\Snort\bin>snort -c C:\IDS\Snort\etc\snort.conf -l C:\IDS\Snort\log -p -i1

I have applied several test rules to just generate some traffic to the Windows box. I need to run with promiscuous mode disabled due to the AWS network environment. I run the setup and do not see any packet activity. I can run a similar setup and generate activity in packet logging mode or print to stdout (-A console), but there is no data being logged as an IDS. My confirmation of this is that the merged.log.[timestamp] file does not grow once the snort process has been started.

Barnyard2 finds the merged.log.[timestamp] file and tracks it using the barnyard2.waldo file, but neither file grows. The exiting statistics for barnyard2 are all 0's. Snort reports that 80-97% of its packets have a bad checksum during its exiting statistics.

I have an Ubuntu Server 16.04 as well, hosting a MySQL database and the Ruby on Rails front end Snorby for processing the Snort data. Barnyard functions normally but is not seeing any packets from Snort. I'm using the Unified2 output specified in the snort.conf file.

My goal is just to track network packets that are sent to this one Windows server with Snort installed. I do not need to monitor more than this. Do you have any recommendations for running Snort in an AWS environment? I have replicated this exact setup in an on-premise virtual lab and saw everything work as expected.

Thanks,
John Vinson