Snort mailing list archives

Re: Installing & Configuring snort


From: Peter Bates <peter.bates () ucl ac uk>
Date: Mon, 13 Aug 2012 13:23:08 +0100

Hello all

On 12/08/2012 20:56, Damien Hull wrote:
> OS: Ubuntu 10.04 server
> SNORT: 2.9.3.1
> Instructions: The Ubuntu-10.04-LTS instructions on the snort.org website.
> Barnyard2: Installed and configured
> MySQL: Using this and it seems to work
> Snort Rules: 2923
>
> Problem #1 The dynamic rules don't work for some reason. I
> commented out the "dynamicdetection" line to turn that off.

You've got version 2.9.3.1 with 2.9.2.3 ruleset so the SO rules will
not work.

> Problem #2 I'm not getting any alerts. I added sfportscan to
> snort.conf but I'm getting no action in the log file.

Is your unified file updating at all?

I'd suggest taking Barnyard2 out of the equation until you know your
sensor is hitting traffic -

snort -A console -u snort -g snort -c /etc/snort/snort.conf -i ethX

is very useful - also the example 'ICMP' rule in the snort.org HOWTO
is very handy to test you're actually seeing something.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
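
The "is your unified file updating?" check from the reply above, as an added example that is not part of the original message. The log directory `/var/log/snort`, the `snort.u2` filename prefix and the five-minute window are assumptions; set them to match the `output unified2` line in your snort.conf.

```shell
#!/bin/sh
# Added example, not part of the original message.
# Assumed defaults: set these to match the "output unified2" line in snort.conf.
LOG_DIR=${LOG_DIR:-/var/log/snort}
PREFIX=${PREFIX:-snort.u2}
MAX_AGE_MIN=${MAX_AGE_MIN:-5}

# u2_status DIR PREFIX MAX_AGE_MIN
# Prints one word describing the newest spool file: missing|empty|stale|active
u2_status() {
    dir=$1; prefix=$2; max_age=$3
    newest=""
    for f in "$dir"/"$prefix"*; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    if [ -z "$newest" ]; then
        echo missing                     # nothing written under this name
    elif [ ! -s "$newest" ]; then
        echo empty                       # file exists but holds no records
    elif [ -n "$(find "$newest" -mmin "-$max_age" 2>/dev/null)" ]; then
        echo active                      # modified within the last max_age minutes
    else
        echo stale                       # has records, but nothing recent
    fi
}

# u2_report DIR PREFIX MAX_AGE_MIN: status plus where to look next
u2_report() {
    st=$(u2_status "$1" "$2" "$3")
    case $st in
        active) hint="Snort is writing events; check Barnyard2 and the database next" ;;
        stale)  hint="no recent events; generate test traffic and watch 'snort -A console'" ;;
        *)      hint="Snort is not logging events; check the sensor before Barnyard2" ;;
    esac
    echo "$st: $hint"
}

u2_report "$LOG_DIR" "$PREFIX" "$MAX_AGE_MIN"
```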