Snort mailing list archives
Re: First time snorting ... ERROR: The dynamic detection library ...
From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 14 Nov 2013 19:41:55 -0500
On 11/14/2013 3:40 PM, Alan McKay wrote:
> On Thu, Nov 14, 2013 at 3:24 PM, waldo kitty <wkitty42 () windstream net> wrote:
>> speaking of command lines, what is your snort command line?
>
> Straight out of that doc I'd posted earlier
> /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0

ahhh... ok... so you are not (yet) running it daemonized... my bad, too, because the output would be in your /var/logs/messages file if you were running it daemonized... sorry about that :?

> Though now I just changed it to
> /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0 > /var/log/snort/snort.startup.log 2>&1

ok... try adding "-k none" before your "-c" or after your "eth0"...

>> also, you might want to stop snort, delete the snort log file in /var/logs... then restart it, give it a few minutes, terminate it again and post that log... we might spot something in there...
>
> Snort logs are empty :

ok... looking at the below, i thought you might have been looking at the snort.log.xxxxxxxxxx files... those are pcap (aka packet capture) files... what i was looking for, above, is the startup and shutdown output of snort... your snort.startup.log should have the information i was looking for... when you start to run snort daemonized, you won't use that redirection and all that information will be written to your system log...

> root@ogic2:/usr/local/snort/etc# ls -al /var/log/snort/
> total 36
> drwxr-xr-x  2 snort snort  4096 Nov 14 15:35 .
> drwxr-xr-x 19 root  root   4096 Nov 14 10:36 ..
> -rw-r--r--  1 snort snort  2056 Nov 14 15:29 barnyard2.waldo
> -rw-r--r--  1 root  root  22416 Nov 14 15:35 snort.startup.log
> -rw-------  1 snort snort     0 Nov 14 15:33 snort.u2.1384461197
> -rw-------  1 snort snort     0 Nov 14 15:35 snort.u2.1384461344

yep, your u2 files are definitely empty... that indicates one of two things...

1. your snort is not seeing the traffic
OR
2. the traffic your snort is seeing is not triggering any alert rules

> Here is the startup log
> https://docs.google.com/document/d/1bd3atMiqTBvbwF8BIpZDSVEr1vYniyM0GSIHZGvVWO8/edit?usp=sharing

i'll take a look...

[time passes]

ok... this indicates that snort is running and looking for traffic...

Commencing packet processing (pid=31755)

now we need to see the rest of the output when you shut down snort... that will give us the statistics of traffic that it has seen, if any at all...

> Anyway, thanks. I'll start going through the FAQ instead of that other doc.

;)

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
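
Added example, not part of the original message: a shell function that automates the hand triage in the reply above, telling apart the two causes of empty u2 files. It assumes Snort's console output was redirected to a startup log as in the thread, and that the shutdown summary carries a "Received:" packet counter (as Snort 2.9 prints under "Packet I/O Totals"); `snort_triage` and its verdict strings are hypothetical names, and the demo data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): triage a Snort log directory.
# Assumptions: unified2 files are named snort.u2.<epoch> as in the listing
# above, and the shutdown summary contains a "Received:" counter line.

# Prints one verdict:
#   not-started | alerts-logged | no-stats-yet | no-traffic | no-alerts
snort_triage() {
    logdir=$1
    startup=$2

    # Snort prints this line once it begins reading packets.
    grep -q 'Commencing packet processing' "$startup" 2>/dev/null \
        || { echo not-started; return 0; }

    # Any non-empty unified2 file means at least one event was written.
    for f in "$logdir"/snort.u2.*; do
        if [ -s "$f" ]; then
            echo alerts-logged
            return 0
        fi
    done

    # The packet counters only appear after Snort has been terminated.
    received=$(awk '/^ *Received:/ {print $2; exit}' "$startup")
    [ -n "$received" ] || { echo no-stats-yet; return 0; }

    if [ "$received" -eq 0 ]; then
        echo no-traffic   # case 1: snort is not seeing the traffic
    else
        echo no-alerts    # case 2: traffic seen, but no alert rule fired
    fi
}

# Constructed demo data: a startup line, a shutdown summary reporting zero
# received packets, and one empty unified2 file.
demo=$(mktemp -d)
printf '%s\n' 'Commencing packet processing (pid=31755)' \
    'Packet I/O Totals:' \
    '   Received:            0' > "$demo/snort.startup.log"
: > "$demo/snort.u2.1384461344"
snort_triage "$demo" "$demo/snort.startup.log"   # prints: no-traffic
```

A `no-stats-yet` verdict means the log was captured before Snort was terminated, which is the situation in this message.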