Re: trying this again (UNCLASSIFIED)

[Rhoades.Jon <Rhoades.Jon () ensco com>]

I run about 15 sensors under Ubuntu but will try and help. Probably be a lot of back and forth as your description does 
not have a lot of details and it is a big request.

Questions. Let's start with snort


1)      How did you install snort? RPMs or source and compile? If compile what options did you pass to snort in the 
configure command?

2)      Is snort running? ps -eaf | grep snort cut and paste the output.

3)      If snort is running is it generating output. The typical place to dump what snort finds is /var/log/sort but 
that can be changed. In the directory do you see files like this? snort.u2.1355029461

4)      If snort is running kill it then run snort without the -D option and see what it says. If it has something it 
does not like you should see it on the console.

5)      What is snort supposed to listen to? Do you have TAPs? Span port? Basically are you getting traffic for snort 
to watch and how are you doing it.



Enough for now. See what you reply with and go from there.



-Jon Rhoades

From: Cass, Mark A CTR (US) [mailto:mark.a.cass2.ctr () mail mil]
Sent: Wednesday, December 12, 2012 10:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] trying this again (UNCLASSIFIED)

Classification: UNCLASSIFIED
Caveats: NONE
Hello,

I've tried e-mailing the list before with not one response, but here it goes again:

I'm trying to implement a snort IDS with add-ons in a RHEL 6.3 x86 VMWare server.  I need to get snort, mysql, 
barnyard2, snorby, and pulled pork all working together.  The problem, is that guides are either made for just 
snort/mysql install, or for a different OS like Ubuntu, or for an old version of snort, or for other 3rd party 
software, or are telling you some sort of db configuration schema script to run that doesn't exist where it says it 
should (later finding out it came with barnyard2 instead of the snort package) so I've no help from any of the 
so-called "setup" or "configuration" guides.  I've got snort, mysql, barnyard2 and pulled pork installed at the moment, 
but nothing is working together.  Pulled pork has errors, but I believe the last I left it, was downloading rules, 
snort doesn't output to barnyard2 or barnyard2 isn't writing to the mysql database, I have no idea.  I've never set up 
an IDS before, never messed with the CPAN or perl stuff, and honestly was expecting some rpm files to install and an 
hour or so on some of the configuration scripts.  I'm pulling my hair out over this right now, as my work time to 
implement this doesn't allow the hours and hours and hours I apparently would need to spend scouring the internet's 
furthest reaches for correct and proper information pertaining to the operating system used and all add-ons, however, 
believe me, I've spent countless hours already trying to do just that.  I've kind of given up just a bit in the last 
couple of weeks because I can't find any good useful information on this particular setup.

Has anyone ever set this up on a RHEL 6 installation with the additional utilities I've listed, and can help me?

Thank you,

Mark A. Cass
Security+ CE, RHCSA, MCTS
Systems Administrator/Network Manager (SANM)
CGI Federal Contractor

700 McNair Ave.
Suite 107 (Knox Hall)
Fort Sill, Oklahoma 73503
Ph.   580.442.0098
Fax   580.248.2188
mark.a.cass2.ctr () mail mil<mailto:mark.a.cass2.ctr () mail mil>


Classification: UNCLASSIFIED
Caveats: NONE

________________________________
The information contained in this email message is intended only for the use of the individual(s) to whom it is 
addressed and may contain information that is privileged and sensitive. If you are not the intended recipient, or 
otherwise have received this communication in error, please notify the sender immediately by email at the above 
referenced address and note that any further dissemination, distribution or copying of this communication is strictly 
prohibited.

The U.S. Export Control Laws regulate the export and re-export of technology originating in the United States. This 
includes the electronic transmission of information and software to foreign countries and to certain foreign nationals. 
Recipient agrees to abide by these laws and their regulations -- including the U.S. Department of Commerce Export 
Administration Regulations and the U.S. Department of State International Traffic in Arms Regulations -- and not to 
transfer, by electronic transmission or otherwise, any content derived from this email to either a foreign national or 
a foreign destination in violation of such laws.

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!