Snort mailing list archives
Re: snort report no data.
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 27 Nov 2012 15:58:01 +0000
Hi there

On 27/11/2012 13:32, TermVRL M wrote:
> How can I troubleshoot this?

Some basic troubleshooting tactics:

1) Run Snort in console mode

   snort -A console -c /location/of/snort.conf -i ethX

   (X is probably 0)

   Generate some traffic - you don't say what rules you are actually running.

2) Run Snort to generate unified2 log

   Check snort.conf has something similar to:

   output unified2: filename snort.log, limit 128

   Then run

   snort -i ethX -c /location/of/snort.conf -l /var/log/snort -D

   Snort should daemonize and if you generate traffic you should see
   'snort.log.xxxxxx' appear in /var/log/snort

After that you're onto troubleshooting Barnyard2, seeing as that will be feeding the database you're looking at with snortreport.

-- 
Peter Bates
Senior Information Security Officer
Phone: +44(0)2076792049
Information Services Division
Internal Ext: 32049
University College London
London WC1E 6BT
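
The checks in step 2 of the message above can be scripted to show which stage of the Snort -> unified2 -> Barnyard2 chain is silent. This is an added example, not part of the original post or of Snort itself; the function names and verdict words are hypothetical, and the config and log paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: find the silent stage between snort.conf and the unified2 files.

# Print the base filename from the first active "output unified2:" line in
# snort.conf. Commented-out lines are ignored; prints nothing if none is set.
unified2_basename() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}unified2:.*filename[[:space:]]\{1,\}\([^,[:space:]]\{1,\}\).*/\1/p' "$1" | head -n 1
}

# Echo one verdict word (hypothetical labels) and return non-zero unless "ok":
#   no-conf             snort.conf is missing or unreadable
#   no-unified2-output  no active "output unified2:" directive
#   no-log-files        directive present, but no <basename>.* file in the log dir
#   empty-log-files     files exist but hold no events (check rules and traffic)
#   ok                  event data is on disk: move on to Barnyard2
check_unified2() {
    conf=$1
    logdir=$2
    [ -r "$conf" ] || { echo no-conf; return 1; }
    base=$(unified2_basename "$conf")
    [ -n "$base" ] || { echo no-unified2-output; return 1; }
    found=0
    nonempty=0
    for f in "$logdir/$base".*; do
        [ -f "$f" ] || continue      # unmatched glob stays literal; skip it
        found=1
        if [ -s "$f" ]; then nonempty=1; fi
    done
    [ "$found" -eq 1 ] || { echo no-log-files; return 1; }
    [ "$nonempty" -eq 1 ] || { echo empty-log-files; return 1; }
    echo ok
}

# Usage: sh check.sh /location/of/snort.conf /var/log/snort
if [ "$#" -eq 2 ]; then
    check_unified2 "$1" "$2"
fi
```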
Current thread:
- snort report no data. TermVRL M (Nov 27)
- Re: snort report no data. Peter Bates (Nov 27)
- Re: snort report no data. TermVRL M (Dec 04)