Snort mailing list archives
Re: snort not capturing
From: Mario Remy Almeida <mario.almeida () gmail com>
Date: Thu, 15 Sep 2011 01:23:38 +0400
Hi Martin,

It cannot be a permission issue. I had 2.8.5 working fine. It was writing to the log files and also to the mysql database.

Since I downloaded the 2.8.6.1 rule subscriptions I need to upgrade to 2.8.6.1.

When I start snort, the file is created as below.

-rw------- 1 snort snort 0 Sep 15 01:15 snort.log.1316034925

Directory permission:

drwxr-xr-x 2 snort snort 4096 Sep 15 01:15 snort

As per above, the snort user has read and write permission.

Not only log file writing, it is also not logging to the mysql database.

output database: alert, mysql, user=snort password=snort dbname=snort host=remoteSrvIP encoding=ascii detail=full

With Warm Regards,
Remy,
Linux System Administrator
C: 00971508643912

"Do not be afraid to try something new...Remember, amateurs built the ark; professionals built the Titanic."

On Thu, Sep 15, 2011 at 1:01 AM, Martin Holste <mcholste () gmail com> wrote:
> It's probably a permissions issue with /var/log/snort. Try the exact same command without -D, and you should get some indication. You may also wish to run strace snort ... which should show you if it fails to open files.
>
> On Wed, Sep 14, 2011 at 2:06 PM, Mario Remy Almeida <mario.almeida () gmail com> wrote:
>> Dear All,
>>
>> I installed snort 2.8.6.1 but when I start it, it's not capturing anything.
>>
>> snort.log and alert files under /var/log/snort are created but both files are empty, nor does it log to mysql.
>>
>> Snort is started with the below command:
>>
>> /usr/sbin/snort -A fast -b -d -D -I -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
>>
>> If I start snort with "-v -i eth0 -u snort -g snort -c /etc/snort/snort.conf " parameters then I can see the tcpdump output on the terminal.
>>
>> Can anyone help me?
>>
>> Rgds,
>> Mario

------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
Learn about the latest advances in developing for the BlackBerry® mobile platform with sessions, labs & more. See new tools and technologies. Register for BlackBerry® DevCon today!
http://p.sf.net/sfu/rim-devcon-copy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
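The strace check suggested in the quoted reply, as an added example that is not part of the original thread: the function below filters strace output for open()/openat() calls that failed and prints the errno name and path, which is where a permission problem after the `-u snort -g snort` privilege drop would show up as EACCES. The function names and the strace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lists failed open()/openat() calls
# found in strace output as "ERRNO path", one per line.

failed_opens() {
    awk '
    {
        line = $0
        # Drop the PID prefix that strace -f adds ("1234 " or "[pid 1234] ").
        sub(/^(\[pid +[0-9]+\] +|[0-9]+ +)/, "", line)
    }
    line ~ /^open(at)?\(/ && line ~ / = -1 E[A-Z0-9]+/ {
        # The path is the first double-quoted string in the call.
        if (!match(line, /"[^"]*"/)) next
        path = substr(line, RSTART + 1, RLENGTH - 2)
        # The errno name follows "= -1 ".
        match(line, /= -1 E[A-Z0-9]+/)
        print substr(line, RSTART + 5, RLENGTH - 5), path
    }' "$@"
}

# Constructed sample lines (not captured from a real Snort run).
sample_strace() {
    cat <<'EOF'
open("/etc/snort/snort.conf", O_RDONLY) = 3
open("/var/log/snort/alert", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied)
1234  openat(AT_FDCWD, "/var/log/snort/example.log", O_WRONLY|O_CREAT, 0600) = -1 EACCES (Permission denied)
[pid  1234] open("/etc/snort/example.map", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/var/log/snort", W_OK) = -1 EACCES (Permission denied)
open("/var/log/snort/example.pcap", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
EOF
}

# Demo: read the sample from stdin; pass a file name instead for a real log.
sample_strace | failed_opens
```

For a real run, write the trace to a file with `strace -f -o snort.strace` in front of the Snort command without `-D`, then call `failed_opens snort.strace`.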