Snort mailing list archives
How to verify snort functionality
From: David Kingsly <davidkingsly () verizon net>
Date: Sun, 12 Apr 2009 11:54:36 -0400
I see snort running:

root@thunder:/etc/snort# ps aux | grep snort
snort    14473  7.1  7.1 144468 110520 ?     Ss   18:52   0:05 snort -c /etc/snort/snort.conf -u snort -g snort -D
root     30336  0.0  0.1   6464   2564 pts/0  S+   12:50   0:00 mysql -u snort -p snort
root@thunder:/etc/snort#

Now I want to verify that alerts are triggered and sent to the log directory and the database. So I installed nmap on a different machine connected to the snort box through a hub, and I issued the command nmap x.x.x.x (the IP of my snort machine). I do not see anything in my database or in the alerts directory located at /var/log/snort. Is there anywhere I forgot to look? Something I need to disable? (I disabled the Linux firewall through Firestarter.)

mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
16 rows in set (0.00 sec)

mysql> select * from data;
Empty set (0.00 sec)

mysql>

*****************************

root@thunder:/var/log/snort# more alert
root@thunder:/var/log/snort# ls
alert  snort.log.1239490353
root@thunder:/var/log/snort# more snort.log.1239490353
root@thunder:/var/log/snort#
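An added example, not part of the thread and not code from the Snort project: a small script for checking the alert pipeline end to end. The idea is to stop depending on whether an nmap scan happens to match any of the enabled rules or preprocessors, and instead add a local rule that is known to fire on an ICMP echo, run Snort in the foreground with fast-format alerts, ping the sensor from the other host, and then check the alert file for that rule's sid. The file layout (/etc/snort/snort.conf, a local.rules included by it, /var/log/snort), the interface name eth0, sid 1000001 and the 192.0.2.0/24 addresses in the constructed sample alert lines are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the Snort project): end-to-end check of
# the Snort alert pipeline with a rule that is guaranteed to fire.
# Assumptions: Snort 2.x, config at /etc/snort/snort.conf, a local.rules file
# included by that config, fast-format alerts written to $LOGDIR/alert.
# Interface name, sensor IP and sid 1000001 are placeholders.

SNORT_CONF=/etc/snort/snort.conf
LOGDIR=/var/log/snort
TEST_SID=1000001
# Fires on any ICMP packet, so the check does not depend on which VRT rules
# or preprocessors (e.g. portscan detection) happen to be enabled.
TEST_RULE="alert icmp any any -> any any (msg:\"LOCAL TEST ping\"; sid:$TEST_SID; rev:1;)"

# alert_fired FILE SID -> exit 0 if FILE holds at least one fast-format alert
# for SID. Fast-format lines carry generator:sid:rev as "[1:SID:REV]".
alert_fired() {
    grep -q "\[1:$2:[0-9]*]" "$1" 2>/dev/null
}

# alert_count FILE SID -> prints the number of alerts for SID (0 if none, or if
# FILE does not exist).
alert_count() {
    n=$(grep -c "\[1:$2:[0-9]*]" "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# write_sample_alerts FILE: constructed sample of what $LOGDIR/alert looks like
# in fast format after two test pings and one unrelated local alert.
write_sample_alerts() {
    cat > "$1" <<'EOF'
04/12-18:55:01.123456  [**] [1:1000001:1] LOCAL TEST ping [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.20
04/12-18:55:02.223456  [**] [1:1000001:1] LOCAL TEST ping [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.20
04/12-18:55:09.000001  [**] [1:1000002:1] LOCAL TEST other [**] [Priority: 0] {TCP} 192.0.2.10:44321 -> 192.0.2.20:22
EOF
}

# print_verify_steps: the commands to run on the sensor (plus one on the other
# host) to produce a real $LOGDIR/alert. Foreground with -A fast first; go back
# to -D only once alerts show up.
print_verify_steps() {
    cat <<EOF
1. On the sensor, append the test rule to local.rules (path assumed):
     echo '$TEST_RULE' >> /etc/snort/rules/local.rules
2. Check that the config and rules parse:
     snort -T -c $SNORT_CONF
3. Run Snort in the foreground on the sniffing interface with fast alerts:
     snort -c $SNORT_CONF -i eth0 -A fast -l $LOGDIR
4. From the other host on the hub:
     ping -c 3 <sensor-ip>
5. Back on the sensor, in a second shell:
     grep '\[1:$TEST_SID:' $LOGDIR/alert
EOF
}

# Stand-alone demonstration on the constructed sample (no Snort needed):
sample=$(mktemp)
write_sample_alerts "$sample"
if alert_fired "$sample" "$TEST_SID"; then
    echo "sample: sid $TEST_SID fired $(alert_count "$sample" "$TEST_SID") time(s)"
fi
echo "sample: sid 9999999 fired $(alert_count "$sample" 9999999) time(s)"
rm -f "$sample"
print_verify_steps
```

Two things this separates out from the situation in the post: the daemon in the ps output was started with -D and no -A or -i, so where alerts end up is decided entirely by the output lines in snort.conf, and the database only gets rows if an output database: plugin is configured there and the connection succeeds; running in the foreground with -A fast takes both variables out of the first check. Once the test sid shows up in the alert file, re-enable the database output and repeat the ping to check that leg on its own.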
Current thread:
- Real noob question craig bowser (Apr 02)
- Re: Real noob question matt donovan (Apr 02)
- Re: Real noob question Greg Bowser (Apr 02)
- Re: Real noob question Joel Esler (Apr 02)
- Re: Real noob question JJ Cummings (Apr 02)
- how to run snort from different linux directories David Kingsly (Apr 05)
- How to verify snort functionality David Kingsly (Apr 12)
- Re: How to verify snort functionality Joel Esler (Apr 12)
- how to run snort from different linux directories David Kingsly (Apr 05)
- Message not available
- Re: how to run snort from different linux directories Nathaniel Richmond (Apr 05)