Snort mailing list archives

snortsam

From: Ralf Hildebrandt <Ralf.Hildebrandt () charite de>
Date: Wed, 15 May 2002 14:21:00 +0200
Hi!

I'm trying out to run snort together with snortsam and the snort-alert
plugin.

After a painful installation process due to the lousy docs, I now have
the follwoing problem:

When I start snort, I get:

...
Back Orifice detection brute force: DISABLED
Using LOCAL time
[Alert_FWsam] Connected to mgmt station 127.0.0.1.
[Alert_FWsam](CheckIn) Password mismatch! Ignoring mgmt station
127.0.0.1.
1086 Snort rules read...
1086 Option Chains linked into 109 Chain Headers
0 Dynamic rules
...
-*> Snort! <*-
Version 1.8.7beta1 (Build 117)

What the hell is going on?
In my snortsam.conf:

accept 127.0.0.1/mypassword

In my snort.conf:

output alert_fwsam: 127.0.0.1:898/mypassword

Clearly, those two passwords match.

Snort is started like this:
 /usr/sbin/snort -S
HOME_NET=[141.42.0.0/16,193.175.64.0/21,192.168.0.0/16,172.16.0.0/12]
-h 141.42.0.0/16,193.175.64.0/21,192.168.0.0/16,172.16.0.0/12 -c
/etc/snort/snort.conf -l /var/log/snort -b -d -u snort -g snort -i eth1


-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   Ralf.Hildebrandt () charite de
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
So unleash your nmap-from-hell and beware, you may tickle an obscure
bug in an ancient box hand-built by Seymour Cray himself, the only one
of its kind ever made, whose sole user pays the salaries of everyone
you ever met in the entire time you worked at the company, with money
he makes with an investment strategy hand-coded in assembler for this
special machine, by an analytic wizard who has since died. 


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

snortsam Ralf Hildebrandt (May 15)