Snort mailing list archives
Re: snort startup inside a vm
From: Michael Lubinski <michael.lubinski () gmail com>
Date: Thu, 3 Feb 2011 13:14:43 -0600
On 2/3/2011 07:38, Michael Lubinski wrote:
snort -D -c /etc/snort/snort.conf -i eth0 Moved the logs to /root/snortlogs, nothing gets generated in the snort.alert file. The errors I see fly across the screen are encoded rule plugin SID: #### not registerd properly try disabling this rule.
this would seem to indicate that your so rules are not right... i've only seen this error with the GID 3 so rules... i assume that the SID: #### is actually of the format SID: 3:#### ?? - Show quoted text - snort -D -c /etc/snort/snort.conf -i eth0 Moved the logs to /root/snortlogs, nothing gets generated in the snort.alert file. The errors I see fly across the screen are encoded rule plugin SID: #### not registerd properly try disabling this rule. On Tue, Feb 1, 2011 at 8:25 PM, waldo kitty <wkitty42 () windstream net> wrote:
On 1/31/2011 21:04, Michael Lubinski wrote:When i start snort I see alot of alerts scroll across the screen. How canIcapture these to a text file to read later? I am running snort in vmwareplayer. what command line are you using? you may only need to analyze the default snort alert file depending on your snort.conf settings ;) ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort startup inside a vm Michael Lubinski (Jan 31)
- Re: snort startup inside a vm JJ Cummings (Jan 31)
- Re: snort startup inside a vm waldo kitty (Feb 01)
- Re: snort startup inside a vm Michael Lubinski (Feb 03)