Snort mailing list archives

Re: Test Snort


From: Russ <rucombs () cisco com>
Date: Mon, 25 Jul 2016 11:33:13 -0400



On 7/25/16 10:04 AM, Pratibha Rajan wrote:
Hi Russ,

Thanks for responding, I did as you suggested and it seems to be stuck at:

*Commencing packet processing (pid=29664)*

This is a good sign. If you run snort in the foreground it is working, so your conf is OK etc.

when I check the /var/log/messages I see:

*: WARNING: _PATH_VARRUN is invalid, trying /var/log/ ...
: WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort).
: Writing PID "24421" to file "/var/log/snort//snort_ens192.pid"*

This seems to be indicating a problem. Are you using --pid-path? If not, try setting that, or at least ensure that /var/log/ exists.

What do I do next?

Thanks

Pratibha.

------------------------------------------------------------------------
To: snort-users () lists sourceforge net
From: rucombs () cisco com
Date: Mon, 25 Jul 2016 07:52:00 -0400
Subject: Re: [Snort-users] Test Snort

The script probably does need tweaking. I suggest you run the snort binary directly using the same options as the script but drop -D, -E, and -M if present to see exactly what is going on.

On 7/24/16 9:49 AM, pratibha.nair12 () outlook com wrote:

    Hi,

    Can I get some help here?

    Thanks

    Pratibha




    On Fri, Jul 22, 2016 at 11:41 PM +0530, "Pratibha Rajan"
    <pratibha.nair12 () outlook com> wrote:

    Hi,

    This is with regard to the error I am facing while starting the
    snort service after the test Snort start up which was successful:

    ******************************************************************

               Preprocessor Object: SF_POP  Version 1.0 <Build 1>
               Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>


    Snort successfully validated the configuration!
    Snort exiting

    ********************************************************************


    while trying to start the service this is the error being faced:


    *********************************************************************
    [root@tparheidspxx1 init.d]# ./snort restart
    Stopping snort:                                            [  OK ]
    Starting snort: Spawning daemon child...
    My daemon child 13226 lives...
    Daemon parent exiting (0)
                                                               [  OK  ]
    [root@tparheidspxx1 init.d]# ./snort status
    snort dead but subsys locked


    **************************************************************************

    The initialization file I have used is the shell script from
    snort.downloads and below is the permission set for the same:

    [root@tparheidspxx1 init.d]# ls -l | grep snort
    -rwx------. 1 snort snort  3761 Jul 21 12:41 snort


    Few queries:
    Do I need to make changes to the script with respect to network
    interface? As the test snort is being run on a virtual machine.
    I see that the interface set in the script is "eth0".
    Is the permission set for the script correct?

    Also:

    ********************************************

    # cd /var/log/snort
    # ls -l
    total 4
    -rw-r--r--. 1 snort snort 0 Jul 22 09:25 alert
    -rw-------. 1 snort snort 6 Jul 22 13:50 snort_ens192.pid
    -rw-------. 1 snort snort 0 Jul 22 13:50 snort_ens192.pid.lck
    -rw-------. 1 snort snort 0 Jul 22 13:50 snort.log.1469209828


    *ens192* is the management interface of the virtual machine.

    Kindly let me know if I need to attach any logs


    Thanks


    Pratibha



    ------------------------------------------------------------------------------
    What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
    patterns at an interface-level. Reveals which users, apps, and protocols are
    consuming the most bandwidth. Provides multi-vendor support for NetFlow,
    J-Flow, sFlow and other flows. Make informed decisions using capacity planning
    reports.http://sdm.link/zohodev2dev



    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    <mailto:Snort-users () lists sourceforge net>
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

    Please visithttp://blog.snort.org  to stay current on all the latest Snort news!
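
The two suggestions in the reply above (rerun the binary with the init script's options minus -D, -E and -M, and make sure the PID directory is usable or set --pid-path) can be scripted as below. This is an added example, not part of the original thread or of the Snort init script; the function names, the sample option string and the paths in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for debugging a Snort daemon that dies after start.
# Function names and the sample option string are hypothetical.

# Print the given snort options with the daemon/logging flags removed
# (-D daemon mode, -E Windows event log, -M syslog messages), so the same
# configuration can be run in the foreground with errors on the terminal.
# The result is a space-joined string meant for review and simple options.
foreground_opts() {
    out=""
    for opt in "$@"; do
        case "$opt" in
            -D|-E|-M) continue ;;
        esac
        out="${out:+$out }$opt"
    done
    printf '%s\n' "$out"
}

# Return 0 if DIR is an existing directory writable by the current user,
# i.e. a usable value for --pid-path; otherwise print why and return 1.
check_pid_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2; return 1
    elif [ ! -w "$dir" ]; then
        echo "not writable: $dir" >&2; return 1
    fi
    return 0
}

# Build the foreground option list, appending --pid-path only when the
# directory passes the check above.
debug_opts() {
    pid_dir=$1; shift
    opts=$(foreground_opts "$@")
    if check_pid_dir "$pid_dir"; then
        opts="$opts --pid-path $pid_dir"
    fi
    printf '%s\n' "$opts"
}

# Constructed sample call (options as an init script might pass them):
# debug_opts /var/run -D -M -i ens192 -u snort -g snort -c /etc/snort/snort.conf
```

Run the check as the account Snort drops privileges to, since root passes the writability test on almost any directory.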


