Snort mailing list archives
Re: Snort-1.9.0 not generating required alerts
From: archana rao <archuatdavis () yahoo com>
Date: Wed, 16 Oct 2002 14:34:36 -0700 (PDT)
Hey, thanks for the help. But whatever I do, nothing seems to be working. I am still unable to get Snort to raise the required alerts even though, now, the errors have disappeared with the -s option. I just don't seem to be able to figure out what is going wrong. Any help would be greatly appreciated.

Archana

--- Alberto Gonzalez <ag-snort () cerebro violating us> wrote:
ok let's try this again since the first one got sent "blank", who knows... I found this strange, since when I ran 1.8.7 I liked to log via syslog. Since moving to 1.9.0 (been running beta6 for a while) I moved on. I tried running snort with just -s.. and like you stated I got the "Usage" screen.....

(root@cerebro)(~) snort -i rl0 -s -c /etc/snort/snort.conf
Initializing Output Plugins!
Log directory = /var/log/snort
Initializing Network Interface rl0
ERROR: OpenPcap() FSM compilation failed: syntax error
PCAP command: /etc/snort/snort.conf
Fatal Error, Quitting..

IMHO, it's expecting an argument after -s (it didn't like -c /etc/snort/snort.conf). Some digging into my /etc/snort/snort.conf file.. found the following:

# alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments
#
# output alert_syslog: LOG_AUTH LOG_ALERT

I wondered if the snort developers have made it so you have to pass an argument to the command line switch. I attempted doing this with the following:

(root@cerebro)(~) /usr/local/bin/snort -i rl0 -c /etc/snort/snort.conf -s LOG_AUTH -D
Initializing Output Plugins!
(root@cerebro)(~) tail -f /var/log/daemon
<snip>
Oct 16 00:27:44 cerebro snort: target_limit: 5
Oct 16 00:27:44 cerebro snort: port_limit: 20
Oct 16 00:27:44 cerebro snort: timeout: 60
Oct 16 00:27:53 cerebro snort[7111]: Snort initialization completed successfully, Snort running

As you can see, when passing the LOG_AUTH argument to the command line, snort worked perfectly. You might want to check out the snort users manual available via html or pdf...
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.1
That URL above has the facilities that alert_syslog takes.. either via output in snort.conf or, now seen in 1.9, via command line argument. Hope it helps.

- Albert

archana rao wrote:

Hi, I followed the steps you had mentioned, and now I have discovered another problem. Snort-1.9.0 is not accepting the -s (log alerts to syslog) command line option. It gives me either a "fatal error, quitting" error message, or prints out the "USAGE:...." message. I noticed that I was getting the alerts in Snort-1.8.7 when I was using the -s option and so, when I tried doing the same thing, Snort-1.9.0 doesn't seem to be able to recognize the option. Any ideas?

Thanks in advance,
Archana

--
The secret to success is to start from scratch and keep on scratching.
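The error Albert pasted ("PCAP command: /etc/snort/snort.conf") is what a getopt-style parser produces when -s requires an argument: -s swallows "-c", and the config path falls through as a positional argument, which Snort hands to libpcap as the BPF filter. The following is an added example, not code from the thread or from Snort; it assumes Snort 1.9.0's -s takes a facility (as the thread concludes), that leftover positional arguments become the BPF filter, and that the facility list beyond LOG_AUTH is the standard syslog set.

```python
import getopt

# Syslog facilities alert_syslog can take. Only LOG_AUTH appears in the
# thread; the rest are standard syslog facility names, listed here as an
# assumption about what the cited manual section enumerates.
KNOWN_FACILITIES = {
    "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER",
    "LOG_LOCAL0", "LOG_LOCAL1", "LOG_LOCAL2", "LOG_LOCAL3",
    "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7",
}


def parse_snort_argv(argv, s_takes_arg=True):
    """Parse a Snort-like command line with POSIX getopt semantics.

    s_takes_arg=True models the 1.9.0 behaviour reported in the thread
    (-s expects a facility); False models the older no-argument -s.
    Returns (options dict, positional args).  getopt takes the very next
    argv element as -s's value even when it starts with '-', which is how
    "-s -c /etc/snort/snort.conf" turns into -s="-c" plus a stray path.
    """
    shortopts = "i:c:D" + ("s:" if s_takes_arg else "s")
    opts, rest = getopt.getopt(argv, shortopts)
    return dict(opts), rest


def diagnose(argv, s_takes_arg=True):
    """Report what the parse does to the config file, facility and BPF filter."""
    opts, rest = parse_snort_argv(argv, s_takes_arg)
    problems = []
    if "-c" not in opts:
        problems.append("no -c: rules file never loaded, so no alerts")
    facility = opts.get("-s", "")
    if facility and facility not in KNOWN_FACILITIES:
        problems.append(f"-s got {facility!r}, which is not a syslog facility")
    if rest:
        # In Snort, positional arguments are the BPF filter expression;
        # a file path is not valid BPF, hence "FSM compilation failed".
        problems.append(f"{rest} would be handed to libpcap as a BPF filter")
    return {"config": opts.get("-c"), "facility": facility,
            "bpf": rest, "problems": problems}


if __name__ == "__main__":
    # The failing and the working command lines from the thread.
    print(diagnose(["-i", "rl0", "-s", "-c", "/etc/snort/snort.conf"]))
    print(diagnose(["-i", "rl0", "-c", "/etc/snort/snort.conf",
                    "-s", "LOG_AUTH", "-D"]))
```

Running the old-style parse (s_takes_arg=False) on the failing line shows it was valid under 1.8.7 semantics, which is why the same command worked there.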