Snort mailing list archives

Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf


From: Joel Esler <joel.esler () me com>
Date: Wed, 1 Dec 2010 08:34:50 -0500

My only suggestion is: take everything out (VRT rules, ET rules, etc.) and
add things in one at a time, and see if Snort starts, stays running, and which
step breaks the process.

Joel
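The bisection Joel suggests can be scripted. The shell example below is added here and is not from the thread or from the Snort project: it starts from a snort.conf with the rule and threshold includes stripped out, appends the includes back one at a time from a list, and validates each step with `snort -T -c` (the -T option parses the configuration and exits, without sniffing). The file names, the include list, and the SNORT_CHECK variable are constructed for the example; SNORT_CHECK lets the validation command be swapped so the script can be exercised without a running Snort.

```shell
#!/bin/sh
# Added example (not from this thread): re-enable rule-set includes one at a
# time and validate each step with `snort -T`, which parses the configuration
# and exits, so the first include that breaks startup is reported.
#
# Assumptions, all constructed for this example:
#   - $1 (base.conf): a snort.conf with the rule/threshold includes stripped out
#   - $2 (includes.txt): the include paths to add back, one per newline-terminated
#     line, no blank lines, in the order they should be re-added (e.g. VRT rules,
#     then ET rules, then threshold.conf)
#   - SNORT_CHECK: the validation command; defaults to "snort -T -c"
set -u

# Write $4 = $1 plus "include <path>" for the first $3 lines of $2.
build_conf() {
    base="$1"; includes="$2"; n="$3"; out="$4"
    cp "$base" "$out"
    head -n "$n" "$includes" | while IFS= read -r inc; do
        printf 'include %s\n' "$inc" >> "$out"
    done
}

# Print the first include whose addition makes validation fail,
# or "none" if every step validates.
find_breaking_include() {
    base="$1"; includes="$2"
    checker="${SNORT_CHECK:-snort -T -c}"
    total=$(wc -l < "$includes" | tr -d ' ')
    tmp=$(mktemp)
    i=1
    while [ "$i" -le "$total" ]; do
        build_conf "$base" "$includes" "$i" "$tmp"
        # $checker is word-split on purpose so "snort -T -c" becomes separate args.
        if ! $checker "$tmp" >/dev/null 2>&1; then
            sed -n "${i}p" "$includes"
            rm -f "$tmp"
            return 0
        fi
        i=$((i + 1))
    done
    rm -f "$tmp"
    echo none
}

# Usage: sh bisect_includes.sh base.conf includes.txt
# (runs only when invoked with two arguments, so the functions can also be sourced)
if [ "$#" -eq 2 ]; then
    find_breaking_include "$1" "$2"
fi
```

Because each step re-copies the base config before appending, the reported include is the first one that turns a validating configuration into a failing one; when every step passes, the startup problem lies outside the includes (for instance in the output or daemon options on the command line).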

On Tue, Nov 30, 2010 at 10:55 PM, Jun Wan <junwei_wan () hotmail com> wrote:

 Hi Joel,

It makes no difference removing "-A console"; I did the following and I
got SR with "No data":

 sudo /usr/local/snort/bin/snort -u snort -g snort -c
/usr/local/snort/etc/snort.conf -i eth0

PS: eth1 should be eth0 in the previous email.

Does anyone have any idea/direction? It would be highly appreciated.

Thanks

Regards

John


------------------------------
Date: Tue, 30 Nov 2010 19:21:54 -0500
From: joel.esler () me com
To: snortreport-users () googlegroups com
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] issues with Snort report 1.3&VRT rules&ET
rules&threshold.conf


Is it because, with the #2 line, your output is to the console ("-A console")?
Remember, the command line overrides the snort.conf output lines.

J

On Tue, Nov 30, 2010 at 7:02 PM, Jun Wan <junwei_wan () hotmail com> wrote:

 Hi,

BASE is not maintained and lacks docs, so I chose Snort
Report (SR).  I have got lots of help from David Gullett; David has done a
wonderful job, thanks David.

Two issues on *Snort 2.8.6.0 with SR 1.3* are very *strange*, I thought you
guys may be interested to know, please see the following:

*1.)* If I do the following commands:

sudo /usr/local/snort/bin/snort -D -u snort -g snort -c
/usr/local/snort/etc/snort.conf -i eth0
sudo /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G
/usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d
/var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo

The results: the activated rules on emerging.conf and settings on
threshold.conf *are not working*, but the SR is working; snort is
running with VRT rules *only* (*not* running ET rules & threshold.conf).

*2.)* Or if I do the following command:

 sudo /usr/local/snort/bin/snort -u snort -g snort -c
/usr/local/snort/etc/snort.conf -i eth1 -A console

The results: the activated rules on emerging.conf and settings on
threshold.conf *are working*, but the SR is *not working* (no data), and
snort is running with VRT rules *and* ET rules *and* threshold.conf.

Same issues happen to Snort 2.9.0 with SR1.3.

I would like to solve these issues before I put Snort 2.8.6 & 2.9.0 with SR
1.3 into our live network.

Any information/idea/direction would be highly appreciated.

Regards

John




--
Joel Esler
http://blog.joelesler.net






-- 
Joel Esler
http://blog.joelesler.net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
