Snort mailing list archives
Re: No data being collected by Snort
From: Jeremy Hoel <jthoel () gmail com>
Date: Mon, 26 Nov 2012 18:47:04 +0000
"Snort successfully validated the configuration" "Snort exiting"

That sounds like you are running snort in test mode (-T in the command line somewhere). When it's running in daemon or foreground mode, you should see something like "Commencing packet processing".

In regards to output, if snort runs and stops then it's not decoding packets and snort.log will be empty. In the snort.conf you might have some output lines (near the bottom of the file, but above the rules). If you don't have any configured then snort logs to snort.log.xxxx and something else. Normally, for best practice, you should have snort set up to "output unified2..." so that barnyard can read the unified files and send the data to one of many places (SIEM, front end, syslog, DB, etc). Mine looks like:

output unified2: filename snort.u2, limit 128

and that creates files called snort.u2.xxxx (xxx is the timestamp) and rolls the files over at 128 MB.

On Mon, Nov 26, 2012 at 6:27 PM, James Benti <rd9733 () gmail com> wrote:
Hello, I have a new installation of SNORT on CentOS 5.8 Linux. The configuration verification indicates "Snort successfully validated the configuration" "Snort exiting". However, the snort log is empty even after restarting snort several times.

Checking through mailing archives I found some checks to perform, and "tcpdump -i eth0" does generate traffic, so the interface I know is working fine. In the archive mailing list there was mention of the output file needing some additional parameters for logging; however, I have not been able to find what these should be. Is there a sample snort.conf "working" sample file that may be available as an example?

The snort version I'm using is: Version 2.9.3.1

I would appreciate any help. Thank you

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
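As an added example (not code from the thread, not part of either poster's message), here is a small POSIX shell diagnostic that checks the three things the reply above points at: whether the snort command line carries -T (validate-only, then exit), whether captured snort stdout shows "Commencing packet processing" or only the test-mode "validated the configuration" banner, and whether snort.conf has an active "output unified2" line and what filename prefix and rollover limit it sets. The snort.conf fragment and the two stdout captures are constructed inline for the example; the /etc/snort/snort.conf path in the usage lines is an assumption.

```shell
#!/bin/sh
# Added diagnostic for the "snort validates then exits, log stays empty" symptom.
# All sample contents below are constructed for this example.

# Constructed snort.conf fragment standing in for /etc/snort/snort.conf
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# a commented-out output line must be ignored by the checks
#output alert_fast: alert.fast
output unified2: filename snort.u2, limit 128
include $RULE_PATH/local.rules
EOF

# Constructed stdout of a snort run started with -T (test mode)
SAMPLE_TEST_OUT=$(mktemp)
cat > "$SAMPLE_TEST_OUT" <<'EOF'
Snort successfully validated the configuration!
Snort exiting
EOF

# Constructed stdout of a snort run that is actually decoding packets
SAMPLE_RUN_OUT=$(mktemp)
cat > "$SAMPLE_RUN_OUT" <<'EOF'
Commencing packet processing (pid=12345)
EOF
trap 'rm -f "$SAMPLE_CONF" "$SAMPLE_TEST_OUT" "$SAMPLE_RUN_OUT"' EXIT

# is_test_mode ARGS...: returns 0 if the snort command line carries -T
is_test_mode() {
    for arg in "$@"; do
        [ "$arg" = "-T" ] && return 0
    done
    return 1
}

# snort_mode FILE: classify captured snort stdout as "running", "test-mode" or "unknown"
snort_mode() {
    if grep -q 'Commencing packet processing' "$1"; then
        echo running
    elif grep -q 'Snort successfully validated the configuration' "$1"; then
        echo test-mode
    else
        echo unknown
    fi
}

# output_lines CONF: print the active (uncommented) output directives; exit 1 if none
output_lines() {
    grep -E '^[[:space:]]*output[[:space:]]' "$1"
}

# unified2_filename CONF: the filename prefix from the "output unified2" directive
unified2_filename() {
    sed -n 's/^[[:space:]]*output unified2:[[:space:]]*filename[[:space:]]*\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# unified2_limit CONF: the rollover size in MB from the "output unified2" directive
unified2_limit() {
    sed -n 's/^[[:space:]]*output unified2:.*limit[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Stand-alone report over the constructed samples
echo "test-mode stdout -> $(snort_mode "$SAMPLE_TEST_OUT")"
echo "running stdout   -> $(snort_mode "$SAMPLE_RUN_OUT")"
if output_lines "$SAMPLE_CONF" >/dev/null; then
    echo "output: $(unified2_filename "$SAMPLE_CONF").<timestamp>, rolls over at $(unified2_limit "$SAMPLE_CONF") MB"
else
    echo "no active output line: snort falls back to snort.log.<timestamp>"
fi
```

To use it on a real box, point SAMPLE_CONF at /etc/snort/snort.conf (assumed path), pass the actual snort invocation to is_test_mode, and feed snort's captured stdout to snort_mode; a "test-mode" result with -T on the command line explains an empty log without any output-configuration problem at all.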
Current thread:
- No data being collected by Snort James Benti (Nov 26)
- Re: No data being collected by Snort Jeremy Hoel (Nov 26)
- Re: No data being collected by Snort TermVRL M (Nov 27)
- Re: No data being collected by Snort Jeremy Hoel (Nov 26)