Snort mailing list archives
Beginner Help...
From: "Stevo" <checkpoint () ozbergs com>
Date: Thu, 31 Jul 2003 14:49:53 -0700
Hey All, Sorry for the stupid questions... and I have RTFM'ed, but I just need some quick answers!! I've got Snort setup as per the http://www.snort.org/docs/snort_acid_rh9.pdf instructions... but I don't see any Alert at all in Acid. I have 2 interfaces in my Snort box, one for management and one for sniffing. The sniffer interface is connected to a switch (Cat4006) and I'm spanning our uplink port to the sniffer interface. I know that's working because if I do a tcpdump -i eth1 (the sniffer interface) I see ALL the traffic from our network... Snort is running and supposibly logging the my mysql db - should I see the number of records increasing in a certain table to make sure the data is in fact being logged there successfully?? I've been using Retina to scan my network to attempt to generate alerts, but that hasn't worked. Is there another tool I could use to generate "naughty" traffic?? Does anyone have any thing else I can check?? Thanks Stevo
Current thread:
- Beginner Help... Stevo (Jul 31)
- Re: Beginner Help... cc (Jul 31)
- Re: Beginner Help... Erek Adams (Aug 01)
- Re: Beginner Help... Stevo (Aug 01)
- Re: Beginner Help... Erek Adams (Aug 01)
- Re: Beginner Help... Stevo (Aug 01)
- Re: Beginner Help... Patrick S. Harper - CISSP (Aug 01)
- Re: Beginner Help... Stevo (Aug 01)
- <Possible follow-ups>
- FW: Beginner Help... support (Jul 31)
- Re: FW: Beginner Help... Erek Adams (Aug 01)
- Re: FW: Beginner Help... Stevo (Aug 01)
- RE: FW: Beginner Help... Brian Gregorcy (Aug 01)
- Re: FW: Beginner Help... Erek Adams (Aug 01)