Snort mailing list archives
Re: No Logging No Output No Data
From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 26 Aug 2010 16:41:37 -0400
On Thu, Aug 26, 2010 at 3:51 PM, Greg Lane <greglane () laneconstinc com> wrote:
I have Snort installed on an Ubuntu 10.04 box and I have gone over config files and everything I can think of at least 10 times. I cannot get help on the forums and can’t seem to find anything in the forum that remotely gives a solution. I have followed 2 different methods of install and still I have nothing as far as alerts or just plain traffic in BASE. I have a mirrored port on the outside interface of my router and have run Wireshark to confirm that I have activity on that mirrored port, yet I’m still getting nothing in BASE. I have run tcpdump and seen traffic on the interface. I did a capture with Wireshark and analyzed the data with Netwitness, yet I still have no data in BASE. The only thing that I saw as a problem, and researched and found out was not a problem, is that when I start Snort, after it completes the initialization it says NOT USING PCAP_FRAMES. So I would really appreciate it if somebody could possibly tell me what the problem is, because I have posted on forums and get no feedback.
Greg, I feel your pain! Take heart, it's inherently not a simple task. We'll have to break this down Barney style to isolate the problem.

For starters, when you stop Snort, do you see any packet counts? If not, are you sniffing the correct interfaces, do you have a bad BPF, etc.

If Snort is seeing the traffic, are you getting any alerts? Run with -A cmg and see if anything pops up on the console.

If still nothing, are checksums a problem? Try running with -k none to disable.

Report back if you're stuck and we'll see what we can do.

Russ
Snort 2.8.6.1
BASE 1.3.9
MySQL

*Greg Lane*
*IT Manager*
*Lane Enterprises*
*Email:* greglane () laneconstinc com
*Phone:* (228)872-2414

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
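Added example, not part of the original thread: the `-k none` step in the reply matters because Snort in its default checksum mode does not run detection on packets whose IP or TCP checksum fails, so a capture full of bad checksums produces packet counts but no alerts. The Python sketch below verifies both checksums on a raw IPv4/TCP packet; the function names and the sample packet (10.0.0.1:1234 to 10.0.0.2:80) are constructed for illustration.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data: bytes) -> int:
    """Checksum value to store in a header whose checksum field is zeroed."""
    return ~ones_complement_sum(data) & 0xFFFF

def verify_ipv4_tcp(pkt: bytes) -> dict:
    """Report which checksums of a raw IPv4/TCP packet (no Ethernet header) verify."""
    ihl = (pkt[0] & 0x0F) * 4                # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    # A valid header sums to 0xFFFF when the stored checksum is included.
    ip_ok = ones_complement_sum(pkt[:ihl]) == 0xFFFF
    segment = pkt[ihl:total_len]
    # TCP pseudo-header: src addr, dst addr, zero, protocol, TCP length.
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, pkt[9], len(segment))
    tcp_ok = ones_complement_sum(pseudo + segment) == 0xFFFF
    return {"ip": ip_ok, "tcp": tcp_ok}

def build_packet(fill_tcp_checksum: bool) -> bytes:
    """Constructed sample: TCP SYN with no payload; TCP checksum optionally left at 0."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    if fill_tcp_checksum:
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
        tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    return ip + tcp

if __name__ == "__main__":
    for label, filled in (("valid", True), ("tcp checksum unset", False)):
        print(label, verify_ipv4_tcp(build_packet(filled)))
```

If packets from the sensor's capture fail this check while the IP header verifies, running Snort with `-k none` as suggested in the reply is the quick way to confirm that checksums are what is suppressing alerts.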
Current thread:
- No Logging No Output No Data Greg Lane (Aug 26)
- Re: No Logging No Output No Data Russ Combs (Aug 26)