Snort mailing list archives
Re: snort not logging alerts
From: SN ORT <snort_on_acid () yahoo com>
Date: Mon, 28 Jun 2004 09:24:33 -0700 (PDT)
What is the IP of the server you scanned with Nessus? And when you scanned, you could see it on eth1 running tcpdump?

Cheese!
Marc
Message: 1
From: Nicholas Bernstein <nick () docmagic com>
To: snort-users <snort-users () lists sourceforge net>
Date: Sun, 27 Jun 2004 05:45:20 -0700
Subject: [Snort-users] snort not logging alerts

As I'm sure you can see from the timestamp on this email, the current time is 5:33am PDT, here, while I'm writing this. I've given up my Friday night, my Saturday day and now all the way up to Sunday morning on this. If you're wondering if I'm trying to make you feel bad enough to give me a hand, the answer is yes. :)

Anyway, I hope this makes sense, as my eyes are starting to close of their own free will.

I'm trying to set up a simple snort -> mysql -> acid setup, which is pretty common, and which I've done numerous times. Unfortunately, in this instance, it seems as if snort does not believe anything is an alert. I've tested to make sure it's capturing packets (it is) and -T seems to think everything is fine. Yet, still, when I run a full nessus scan against the host, NOTHING gets added to the db. When I run it from the command line, the action stats are ALERTS: 0, Logged: 0, Passed: 0.

I'm running on suse 9.1, w/ a 2.6.4-52 kernel, w/ snort compiled from source. This is using the same exact setup I did on FreeBSD two days ago, and on RedHat, and earlier versions of suse as well.

Below is the output of snort -T and below that my snort.conf.

Any help would be very, very appreciated. I'd like to not have to go out and get another hard drive so I can install FreeBSD and set it up on that.

nick@hemingway:~> sudo snort -T -c /etc/snort/snort.conf -i eth1
Running in IDS mode
Log directory = /var/log/snort
<snip>
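The two things the thread turns on are whether the sensor actually saw the scanned host's traffic on eth1 and whether Snort's configuration considers that host worth alerting on. The following script is an added example, not code from the thread or from the Snort project: it parses a Snort 2.x style end-of-run summary into counters, classifies the "packets received but ALERTS: 0" condition Nick reports, and checks whether a scanned host's IP falls inside the `HOME_NET` variable of a snort.conf. The summary text and the snort.conf fragment are constructed samples that only approximate the real output format; negated entries in `HOME_NET` (`!10.0.0.0/8`) are deliberately not handled.

```python
"""Sanity checks for a quiet Snort sensor (added example, not from the thread).

- parse_summary(): pull packet and action counters out of an end-of-run summary.
- assess(): distinguish "no traffic seen" from "traffic seen, nothing fired".
- home_net_covers(): does HOME_NET in snort.conf include the host that was scanned?
"""
import ipaddress
import re

# Constructed sample approximating a Snort 2.x run summary (not captured output).
SAMPLE_SUMMARY = """\
===============================================================================
Snort received 4821 packets
    Analyzed: 4821(100.000%)
    Dropped: 0(0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
"""

# Constructed snort.conf fragment; the address ranges are made up for the example.
SAMPLE_CONF = """\
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules
include $RULE_PATH/scan.rules
"""


def parse_summary(text):
    """Return {'received', 'alerts', 'logged', 'passed'} as ints (0 when absent)."""
    stats = {}
    m = re.search(r"Snort received (\d+) packets", text)
    stats["received"] = int(m.group(1)) if m else 0
    for key in ("ALERTS", "LOGGED", "PASSED"):
        m = re.search(rf"^{key}:\s*(\d+)", text, re.MULTILINE)
        stats[key.lower()] = int(m.group(1)) if m else 0
    return stats


def assess(stats, min_packets=100):
    """Classify a run so the right thing gets checked next.

    'no-traffic'    : the sniffing interface barely saw anything; confirm with
                      tcpdump on that interface that the scan traffic passes it.
    'silent-sensor' : packets were analyzed but no rule fired and nothing was
                      logged; look at HOME_NET/EXTERNAL_NET, the rule includes
                      and the output plugin rather than at the capture path.
    'ok'            : the sensor produced alerts.
    """
    if stats["received"] < min_packets:
        return "no-traffic"
    if stats["alerts"] == 0 and stats["logged"] == 0:
        return "silent-sensor"
    return "ok"


def home_net_covers(conf_text, host_ip):
    """True if host_ip lies inside HOME_NET ('any' or a CIDR list like [a/8,b/24])."""
    m = re.search(r"^var\s+HOME_NET\s+(\S+)", conf_text, re.MULTILINE)
    if not m:
        return False  # no HOME_NET at all: rules using $HOME_NET cannot match
    value = m.group(1)
    if value == "any":
        return True
    ip = ipaddress.ip_address(host_ip)
    nets = [n for n in value.strip("[]").split(",") if n]
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


if __name__ == "__main__":
    stats = parse_summary(SAMPLE_SUMMARY)
    print(stats, "->", assess(stats))
    for host in ("192.168.1.20", "10.9.8.7"):
        print(host, "in HOME_NET:", home_net_covers(SAMPLE_CONF, host))
```

Run against a real summary, a "silent-sensor" verdict together with a `False` from `home_net_covers` for the scanned host points at the configuration rather than the capture path, which is the distinction Marc's question about the server IP and tcpdump on eth1 is trying to make.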
Current thread:
- snort not logging alerts Nicholas Bernstein (Jun 27)
- Re: snort not logging alerts Xantius (Jun 27)
- Re: snort not logging alerts Martin Roesch (Jun 29)
- Re: snort not logging alerts Martin Roesch (Jun 29)
- <Possible follow-ups>
- Re: snort not logging alerts SN ORT (Jun 28)