Snort mailing list archives
RE: Do not want to take the right Sensor...??
From: "O'Flynn, Derek" <DOFlyn () lsuhsc edu>
Date: Wed, 13 Nov 2002 17:23:43 -0600
If I'm not mistaken, I believe you have to start snort with the correct interface from the command line.

    snort -T -i ne3 -c etc/snort.conf

-----Original Message-----
From: Thierry [mailto:lenaig () wanadoo fr]
Sent: Wednesday, November 13, 2002 5:07 PM
To: snort-users
Subject: [Snort-users] Do not want to take the right Sensor...??

Hi all,

I am running, or trying to run snort-1.9.0, on OpenBSD 3.2. Everything is working, Acid/apache/php4/Mysql...but snort is taking the wrong sensor...

ifconfig -a:

    ne3: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:80:c8:f2:db:cc
            media: Ethernet autoselect (10baseT)
            inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
            inet6 fe80::280:c8ff:fef2:dbcc%ne3 prefixlen 64 scopeid 0x1
    ep0: flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST>mtu 1500
            address: 00:60:97:a7:03:60
            media: Ethernet 10baseT
            inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::260:97ff:fea7:360%ep0 prefixlen 64 scopeid 0x2

One is going to sniff (ne3) and the other is going to my LAN (ep0), used for ssh connection.

snort -T -c etc/snort.conf:

    database: compiled support for ( mysql )
    database: configured to use mysql
    database: user = snort
    database: password is set
    database: database name = snortdb
    database: host = localhost
    database: sensor name = 192.168.1.4
    database: sensor id = 1
    database: schema version = 106
    database: using the "log" facility
    1700 Snort rules read...
    1700 Option Chains linked into 192 Chain Headers
    0 Dynamic rules
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Rule application order: ->activation->dynamic->alert->pass->log
    --== Initialization Complete ==--
    -*> Snort! <*-
    Version 1.9.0 (Build 209)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)
    Snort sucessfully loaded all rules and checked all rule chains!
    database: Closing connection to database "snortdb"

If I choose var HOME_NET $ne3_ADDRESS I have the following error:

    bash-2.05b# snort -T -c etc/snort.conf
    Initializing Output Plugins!
    Log directory = /var/log/snort
    Initializing Network Interface ep0
    --== Initializing Snort ==--
    Decoding Ethernet on interface ep0
    Initializing Preprocessors!
    Initializing Plug-ins!
    Parsing Rules file etc/snort.conf
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...
    ERROR => Undefined variable name: (etc/snort.conf:35): ne3_ADDRESS
    Fatal Error, Quitting..

In reality, snort is sniffing my LAN....why does it take ep0 and not ne3..??

Thanks for your help.

--
Thierry
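An added example, not part of either poster's message: a pre-flight check that reads `snort -T` output and confirms the sensor initialized on the intended sniffing interface rather than the management one. The function names are made up for this example, and the sample input is the start-up output quoted in the original message, laid out one message per line.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify from "snort -T" output
# that Snort bound to the intended sniffing interface. Input arrives on stdin.

# Print the interface named on the "Initializing Network Interface" line.
snort_bound_iface() {
    sed -n 's/^.*Initializing Network Interface \([A-Za-z0-9_.:-]*\).*$/\1/p' |
        head -n 1
}

# check_snort_iface EXPECTED
# Returns 0 if Snort bound to EXPECTED, 1 if it bound to another interface,
# 2 if the output contains no interface line at all.
check_snort_iface() {
    expected=$1
    actual=$(snort_bound_iface)
    if [ -z "$actual" ]; then
        echo "no interface line found in snort output" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "snort bound to $actual, expected $expected" >&2
        return 1
    fi
    echo "snort bound to $expected"
}

# Sample input: start-up lines copied from the failing run in the post.
sample_output() {
    cat <<'EOF'
Initializing Output Plugins!
Log directory = /var/log/snort
Initializing Network Interface ep0
--== Initializing Snort ==--
Decoding Ethernet on interface ep0
Initializing Preprocessors!
EOF
}

# Demonstration: the sensor was meant to sniff on ne3, so this reports a mismatch.
sample_output | check_snort_iface ne3 || echo "check failed with status $?"
```

On a live sensor the same check would be fed with `snort -T -i ne3 -c etc/snort.conf 2>&1 | check_snort_iface ne3`.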