Snort mailing list archives
Snort newbie
From: "Bunter, Matthew" <Matthew.Bunter () cwcom cwplc com>
Date: Thu, 10 May 2001 13:01:28 +0100
Gurus,

Apologies for asking basics but I couldn't find these answers on snort.org, the FAQs or any documentation that I have.

Very basic snort.conf file, smtp, web, dns all commented out (I'm on a small testing segment):

    var HOME_NET $eth_ADDRESS
    var EXTERNAL_NET any
    preprocessor defrag
    preprocessor http_decode: 80 8080
    preprocessor portscan : $HOME_NET 4 3 /var/log/snort/portscan.log
    output alert_syslog: LOG_AUTH LOG_ALERT
    include exploit.rules
    include etc (from latest snort rules on snort.org)

Snort is version 1.7 running on Suse 7.1 with 2.4 kernel. The rules files are in the same directory as the snort executable.

I get the following:

    # snort -c /etc/Snort/snort.conf
    Initializing Snort
    Initializing Network Interface eth0
    Kernel filter, protocol ALL, raw packet socket
    Decoding Ethernet on interface eth0
    Initializing Preprocessors!
    Initializing Plug-ins!
    Initializing Output Plug-ins!
    +++++++++++++++++++++++
    Initializing rule chains...
    [!] ERROR exploit.rules(20) => Bad port number: "msg:"EXPLOIT"
    #

All I basically want is to get snort running to produce text files under var/log/snort which will then be put through snortsnarf for browsing. But I can't even get it to start - any help would be greatly appreciated.

BTW I want to convince management how easy it is to set up Snort so help me avoid the 'egg-on-face' scenario please !!!

Regards,
Matt Bunter