Snort mailing list archives

snort not record alert


From: troxlinux <xserverlinux () gmail com>
Date: Thu, 8 Dec 2011 12:26:24 -0600

Hi list, I am trying to run Snort on my server firewall,
following some guides, especially the Snort with CentOS 5 guide from
the snort.org site. Everything runs successfully, but I don't
see Snort recording alerts in the MySQL DB and I don't see any
events in the Snort log...


Any idea?

Look at my log:

ule application order:
activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0x42090940 (9278)
Decoding Ethernet
WARNING: normalizations disabled because DAQ can't replace packets.
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snortmen
database:  database name = snort
database:    sensor name = 2.0.0.0
database:      sensor id = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

       --== Initialization Complete ==--

  ,,_     -*> Snort! <*-
 o"  )~   Version 2.9.1.2 IPv6 GRE (Build 84)
  ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
          Copyright (C) 1998-2011 Sourcefire, Inc., et al.
          Using libpcap version 1.1.1
          Using PCRE version: 6.6 06-Feb-2006
          Using ZLIB version: 1.2.3

          Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
          Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
          Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
          Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
          Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
          Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
          Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
          Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>


-- 
rickygm

http://gnuforever.homelinux.com
