Snort mailing list archives
RE: Snort ain't logging anything...
From: "Mam Ruoc" <mamruoc () hotmail com>
Date: Thu, 06 Feb 2003 23:33:47 +0100
Hi!

Yes, I do get a lot of output when running in verbose mode. I got a friend who accessed my ftp (I'm using proftpd) today, and suddenly Snort got triggered and logged 117 alerts saying:

(spp_fnord) Possible Mutated IA32 NOP Sled detected.

I installed ACID successfully, so logging seems to be good now, but why doesn't snort detect my portscans or sneeze, the prog that's supposed to test snort's rulesets???

Regards.

----Original Message Follows----
From: "L. Christopher Luther" <CLuther () Xybernaut com>
To: 'Mam Ruoc' <mamruoc () hotmail com>
CC: "Snort-Users (E-mail)" <snort-users () lists sourceforge net>
Subject: RE: Snort ain't logging anything...
Date: Thu, 6 Feb 2003 12:42:39 -0500

Try running snort in sniffer mode (e.g., snort -v -i eth0). In sniffer mode, snort should display to the console all packets that it sees. If you're getting data, then let the list know and we can proceed on to the next test.

- Christopher

-----Original Message-----
From: "Mam Ruoc" <mamruoc () hotmail com>
To: snort-users () lists sourceforge net
Date: Thu, 06 Feb 2003 11:54:55 +0100
Subject: [Snort-users] Snort ain't logging anything...

Greetings snort-experts

First of all, I'm a newbie, please be patient with me....

I got some problem after upgrading to Snort 1.9.0. I've been configuring snort.conf a dozen times, I've set Iptables to accept everything (dropped using IPTables), 'cause I thought packets might have been filtered before Snort. Nothing helped...

Then I found that my eth0 wasn't in promiscuous mode, so I'd manually add it to startup... Somebody said that's the problem, 'cause Snort couldn't retrieve data without the NIC being in promiscuous mode (is that right?). That didn't help either...

Can somebody please tell me what I can do to detect what's wrong?? I've used programs like nmap and sneeze (which tests rulesets by sending bogus packets), the only thing I've got back is:

'snort: (spp_arpspoof) Ethernet/ARP Mismatch request for Destination'

in my syslog.

My system is: Snort version 1.9.0 (Build 209) (supporting mysql)