Snort mailing list archives
Re: trying this again (UNCLASSIFIED)
From: Rhoades.Jon <Rhoades.Jon () ensco com>
Date: Thu, 13 Dec 2012 08:59:54 -0500
I run about 15 sensors under Ubuntu but will try and help. Probably be a lot of back and forth as your description does not have a lot of details and it is a big request.

Questions. Let's start with snort:

1) How did you install snort? RPMs or source and compile? If compile, what options did you pass to snort in the configure command?

2) Is snort running? ps -eaf | grep snort, cut and paste the output.

3) If snort is running, is it generating output? The typical place to dump what snort finds is /var/log/snort but that can be changed. In the directory do you see files like this? snort.u2.1355029461

4) If snort is running, kill it, then run snort without the -D option and see what it says. If it has something it does not like you should see it on the console.

5) What is snort supposed to listen to? Do you have TAPs? Span port? Basically, are you getting traffic for snort to watch and how are you doing it?

Enough for now. See what you reply with and go from there.

-Jon Rhoades

From: Cass, Mark A CTR (US) [mailto:mark.a.cass2.ctr () mail mil]
Sent: Wednesday, December 12, 2012 10:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] trying this again (UNCLASSIFIED)

Classification: UNCLASSIFIED
Caveats: NONE

Hello,

I've tried e-mailing the list before with not one response, but here it goes again: I'm trying to implement a snort IDS with add-ons in a RHEL 6.3 x86 VMWare server. I need to get snort, mysql, barnyard2, snorby, and pulled pork all working together. The problem is that guides are either made for just a snort/mysql install, or for a different OS like Ubuntu, or for an old version of snort, or for other 3rd party software, or are telling you some sort of db configuration schema script to run that doesn't exist where it says it should (later finding out it came with barnyard2 instead of the snort package), so I've no help from any of the so-called "setup" or "configuration" guides.
I've got snort, mysql, barnyard2 and pulled pork installed at the moment, but nothing is working together. Pulled pork has errors, but I believe the last I left it, it was downloading rules. Snort doesn't output to barnyard2, or barnyard2 isn't writing to the mysql database; I have no idea. I've never set up an IDS before, never messed with the CPAN or perl stuff, and honestly was expecting some rpm files to install and an hour or so on some of the configuration scripts. I'm pulling my hair out over this right now, as my work time to implement this doesn't allow the hours and hours and hours I apparently would need to spend scouring the internet's furthest reaches for correct and proper information pertaining to the operating system used and all add-ons; however, believe me, I've spent countless hours already trying to do just that. I've kind of given up just a bit in the last couple of weeks because I can't find any good useful information on this particular setup.

Has anyone ever set this up on a RHEL 6 installation with the additional utilities I've listed, and can help me?

Thank you,

Mark A. Cass
Security+ CE, RHCSA, MCTS
Systems Administrator/Network Manager (SANM)
CGI Federal Contractor
700 McNair Ave. Suite 107 (Knox Hall)
Fort Sill, Oklahoma 73503
Ph. 580.442.0098
Fax 580.248.2188
mark.a.cass2.ctr () mail mil

Classification: UNCLASSIFIED
Caveats: NONE

________________________________

The information contained in this email message is intended only for the use of the individual(s) to whom it is addressed and may contain information that is privileged and sensitive. If you are not the intended recipient, or otherwise have received this communication in error, please notify the sender immediately by email at the above referenced address and note that any further dissemination, distribution or copying of this communication is strictly prohibited. The U.S. Export Control Laws regulate the export and re-export of technology originating in the United States. This includes the electronic transmission of information and software to foreign countries and to certain foreign nationals. Recipient agrees to abide by these laws and their regulations, including the U.S. Department of Commerce Export Administration Regulations and the U.S. Department of State International Traffic in Arms Regulations, and not to transfer, by electronic transmission or otherwise, any content derived from this email to either a foreign national or a foreign destination in violation of such laws.
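Jon's checks 2, 3 and 4 above, scripted so they can be rerun after each configuration change. This is an added example, not code from the thread; it assumes Snort's unified2 output lands in /var/log/snort (override with SNORT_LOG_DIR) and that the config path and interface passed to snort_foreground match your sensor.

```shell
#!/bin/sh
# Added example: scripted version of the "is snort alive and producing
# unified2 output" checks. Assumed default log directory, as in the thread.
SNORT_LOG_DIR="${SNORT_LOG_DIR:-/var/log/snort}"

# Check 2: is a snort process running? Prints the matching ps lines and
# returns 0 when at least one is found. The [s]nort pattern keeps the grep
# itself out of the match, so no "grep -v grep" is needed.
snort_running() {
    ps -eaf | grep '[s]nort'
}

# Check 3: does the log directory hold unified2 spool files named
# snort.u2.<epoch>? Returns 0 and reports the newest one (by the epoch in
# its name, which is when snort opened that spool file), else returns 1.
unified2_present() {
    dir="${1:-$SNORT_LOG_DIR}"
    newest="" ; best=0
    for f in "$dir"/snort.u2.*; do
        [ -e "$f" ] || continue            # unmatched glob stays literal
        stamp=${f##*.}
        case "$stamp" in *[!0-9]*|"") continue ;; esac
        if [ "$stamp" -gt "$best" ]; then best=$stamp; newest=$f; fi
    done
    [ -n "$newest" ] || return 1
    printf 'newest unified2 file: %s\n' "$newest"
    printf 'opened %s seconds ago\n' $(( $(date +%s) - best ))
}

# Check 4: after killing the daemon, run snort in the foreground (no -D) so
# configuration complaints reach the console. Config path and interface are
# assumptions; pass your own as arguments 1 and 2.
snort_foreground() {
    snort -c "${1:-/etc/snort/snort.conf}" -i "${2:-eth0}" -l "$SNORT_LOG_DIR"
}

# Usage when run as a script: report on checks 2 and 3.
if [ "${0##*/}" = "snort_checks.sh" ]; then
    snort_running || echo "no snort process found"
    unified2_present || echo "no snort.u2.* files in $SNORT_LOG_DIR"
fi
```

If check 2 fails, the barnyard2 and database questions are moot until snort_foreground shows why snort refuses to start.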
Current thread:
- trying this again (UNCLASSIFIED) Cass, Mark A CTR (US) (Dec 13)
- Re: trying this again (UNCLASSIFIED) Rhoades . Jon (Dec 13)
- Re: trying this again (UNCLASSIFIED) Peter Bates (Dec 13)
- Re: trying this again (UNCLASSIFIED) Cass, Mark A CTR (US) (Dec 14)
- Re: trying this again (UNCLASSIFIED) beenph (Dec 14)
- Re: trying this again (UNCLASSIFIED) Cass, Mark A CTR (US) (Dec 14)
- Re: trying this again (UNCLASSIFIED) Peter Bates (Dec 14)
- Re: trying this again (UNCLASSIFIED) beenph (Dec 14)
- Re: trying this again (UNCLASSIFIED) beenph (Dec 14)
- Re: trying this again (UNCLASSIFIED) Rhoades . Jon (Dec 13)