Snort mailing list archives
Re: Installing & Configuring snort
From: Peter Bates <peter.bates () ucl ac uk>
Date: Mon, 13 Aug 2012 13:23:08 +0100
Hello all

On 12/08/2012 20:56, Damien Hull wrote:

OS: Ubuntu 10.04 server
SNORT: 2.9.3.1
Instructions: The Ubuntu-10.04-LTS instructions on the snort.org website.
Barnyard2: Installed and configured
MySQL: Using this and it seems to work
Snort Rules: 2923

Problem #1
The dynamic rules don't work for some reason. I commented out the "dynamicdetection" line to turn that off.
You've got version 2.9.3.1 with 2.9.2.3 ruleset so the SO rules will not work.
Problem #2
I'm not getting any alerts. I added sfportscan to snort.conf but I'm getting no action in the log file.
Is your unified file updating at all? I'd suggest taking Barnyard2 out of the equation until you know your sensor is hitting traffic -

snort -A console -u snort -g snort -c /etc/snort/snort.conf -i ethX

is very useful - also the example 'ICMP' rule in the snort.org HOWTO is very handy to test you're actually seeing something.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
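The two checks suggested in the reply above, as an added shell example that is not part of the original post or of Snort itself. It assumes the ruleset snapshot id is the Snort version with the dots removed (as in "Snort Rules: 2923"); the function names, the sample banner and the ICMP rule with its SID are constructed for illustration and are not the HOWTO's own rule.

```shell
#!/bin/sh
# Pre-flight checks for the two problems in this thread (added example).

# Extract the version number from `snort -V` banner text read on stdin.
# On a sensor: snort -V 2>&1 | snort_version
snort_version() {
    sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Assumption: a ruleset snapshot id is the Snort version without dots,
# so Snort 2.9.3.1 expects snapshot 2931.
snapshot_id() {
    printf '%s' "$1" | tr -d '.'
}

# Return 0 only when the snapshot id matches the Snort version.
so_rules_match() {   # $1 = Snort version, $2 = snapshot id (e.g. 2923)
    [ "$(snapshot_id "$1")" = "$2" ]
}

# Write a one-rule file that alerts on any ICMP packet (constructed rule;
# the SID is a made-up value in the local range, 1000000 and above).
write_icmp_test_rule() {   # $1 = path of the rules file to create
    printf '%s\n' 'alert icmp any any -> any any (msg:"ICMP test"; sid:1000001; rev:1;)' > "$1"
}

# Validate the configuration, then watch alerts on the console with the
# command line from the reply. Not called here; run it on the sensor.
sensor_test() {   # $1 = capture interface
    snort -T -c /etc/snort/snort.conf || return 1
    snort -A console -u snort -g snort -c /etc/snort/snort.conf -i "$1"
}

# Constructed banner in the format `snort -V` prints.
SAMPLE_BANNER='   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)'

ver=$(printf '%s\n' "$SAMPLE_BANNER" | snort_version)
if so_rules_match "$ver" 2923; then
    echo "Snort $ver matches ruleset snapshot 2923"
else
    echo "Snort $ver expects snapshot $(snapshot_id "$ver") but has 2923: SO rules will not work"
fi
```

With the rule file included from snort.conf and `sensor_test` running, a single ping across the monitored interface should print an alert; if it does not, the sensor is not seeing traffic and Barnyard2 is not the problem.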