Snort mailing list archives
RE: Snort testing
From: "Patrick Harper" <patrick.harper () phns com>
Date: Thu, 8 Apr 2004 09:17:51 -0500
Look in /var/log/snort for an alert file. If it is there then you have a db connection problem. Double check the snort.conf output line and the acid_conf.php to make sure that everything is correct. Is mysql running? Patrick S. Harper | CISSP RHCT MCSE Information Security Engineer patrick.harper () phns com -----Original Message----- From: David Nardoni [mailto:dnardoni () firstresponseconsulting com] Sent: Wednesday, April 07, 2004 1:58 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort testing I am very new to snort and I am need some help on getting it running correctly. It appears that snort is running but not accumulating alerts. I followed the SNORT, PHP, Apache, MySQL and ACID install guide by Patrick Harper. Here is what I get when I run ps -ef | grep snort /usr/local/bin/snort -c /etc/snort/snort.conf -I eth0 -g snort -D When I run a nmap scan on the ip address it does not generate any alerts. This is a system set up on a local LAN attached to a hub. I have even run sneeze and received no alerts. Any help would be appreciated. David Nardoni CISSP First Response Consulting Services, Inc. dnardoni () firstresponseconsulting com ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort testing David Nardoni (Apr 08)
- <Possible follow-ups>
- RE: Snort testing Patrick Harper (Apr 08)