Snort mailing list archives

RE: I need some serious help


From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 11 Jun 2002 11:42:06 -0700 (PDT)

On Tue, 11 Jun 2002, Don wrote:

> That's the problem: snort is set up for tcpdump, and I cannot replay the dump
> files. It gives an error. Reading the files in an editor reveals there are a
> number of Code Red scans, and apparently something in the code prevents the
> playback, using the command line
>
>     snort -dr snort.log -c c:\extract\snort.conf -l c:\extract\log
>
> Snort is restarted daily, creating 0606@14-snort.log, 0607@14-snort.log, and
> so on. I copy the logs to/from a remote system and play them back to get the
> alerts and log structure for parsing and investigation. With these particular
> files from just this system, when I go to rename them to snort.log for the
> extraction process, it says in use, cannot be renamed, and the file then
> self-deletes. Weird, I say.

Well...  From reading between the lines and guessing:

        You're on a Win32 system--I'm sorry.
        If you're snorting on a *NIX box and bringing the capture files over,
        be sure you use the right transfer mode.


Other things that aren't even guessable:

        What error?  You say you have an error, but _what_ is it?
        File in use?  Did you _stop_ snort from running?  If not, it's still
        got the file descriptor open, and you can't really do too much with
        that on a Win32 system.
        How are you running snort?
        What version of Snort?  1.8.6 is the latest release, 1.8.7beta6 is the
        current beta.
        What's in your snort.conf?
        Have you tried just running it as 'snort -vader <filename>' just to
        make sure the data is valid?  If that works, then your problem is in
        your config file.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
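
The transfer-mode point above can be checked by walking the capture file's record headers: a text-mode transfer that rewrites line endings shifts every later record out of place. This is an added example, not part of the original message or of Snort; `check_pcap`, `build_sample` and the sample bytes are constructed for illustration, and only the classic tcpdump (libpcap) file format is handled.

```python
import struct

# Classic libpcap (tcpdump) magic numbers mapped to struct byte-order prefixes.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def check_pcap(data):
    """Walk a capture file; return (packets_read_cleanly, problem_or_None)."""
    if len(data) < 24:
        return 0, "file shorter than the 24-byte global header"
    order = MAGICS.get(data[:4])
    if order is None:
        return 0, "bad magic: not a tcpdump-format capture"
    snaplen = struct.unpack(order + "I", data[16:20])[0]
    off, count = 24, 0
    while off < len(data):
        if off + 16 > len(data):
            return count, "record %d: truncated record header" % (count + 1)
        _sec, _usec, incl, orig = struct.unpack(order + "4I", data[off:off + 16])
        # Captured length can exceed neither the snap length nor the wire length.
        if incl > snaplen or incl > orig:
            return count, "record %d: implausible lengths %d/%d" % (count + 1, incl, orig)
        off += 16
        if off + incl > len(data):
            return count, "record %d: data runs past end of file" % (count + 1)
        off += incl
        count += 1
    return count, None

def build_sample():
    """Constructed two-packet capture; payloads are made-up bytes, not real traffic."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype (Ethernet).
    out = struct.pack("<4sHHiIII", b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate([b"line one\nxyz", b"second frame"]):
        out += struct.pack("<4I", 1000000000 + i, 0, len(payload), len(payload))
        out += payload
    return out

CLEAN = build_sample()
# Assumption: a text-mode transfer from *NIX to Win32 rewrites LF as CRLF.
MANGLED = CLEAN.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    for name, blob in (("binary transfer", CLEAN), ("text-mode transfer", MANGLED)):
        print(name, "->", check_pcap(blob))
```

The mangled copy still has a valid magic number, so only the record walk catches the one-byte shift after the first packet.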

