Snort mailing list archives
RE: PureSecure is crazy
From: "Robin Brown" <robin_brown () totalcomm com>
Date: Tue, 18 Jun 2002 08:58:00 -0400
I had the same issue with a new sensor being created every time I restarted. Try these links, the update worked for me: http://www.demarc.com/downloads/other/ http://www.demarc.com/downloads/other/snort-db.txt -Robin Message: 10 From: =?ISO-8859-1?Q?Fran=E7ois?= Jan <fjan () wanadoo fr> To: snort-users () lists sourceforge net Organization: Date: 17 Jun 2002 23:48:29 +0200 Subject: [Snort-users] PureSecure is crazy Hi, I tried to find the answer on this mailing-list but nobody seems to have ran into the same problem as me so I'm gonna explain it in hope somebody has a solution. I upgraded from demarc 1.05 to PureSecure 1.6 on a redhat 7.3. I run snort on ppp0 on one server and the console on another computer. When I first started, I noticed a sensor I didn't know of. I deleted it through the console but it keeps coming back with increasing sensor id. I looked into MySQL but couldn't understand where this sensor comes from. Since my psd.conf indicates sensorid =3D 1, I began to think about psd not using psd.conf. Another point : if I change snort options in this same file and I restart psd, it doesn't care about my options and uses the "-o -N" default. my psd.conf file is in the place it should be (/usr/local/puresecure/sensor/conf) and I really don't have a clue where to start from. Thanks. --=20 Fran=E7ois Jan <fjan () wanadoo fr> --__--__-- Message: 11 From: "Michael Steele" <michaels () silicondefense com> To: <armfield () amnh org> Cc: <snort-users () lists sourceforge net> Subject: RE: [Snort-users] Installing Snort on Win 2K Date: Mon, 17 Jun 2002 17:43:26 -0700 Raoul, Check this out! Should be everything you need to get it up and running. Not sure why you are getting g the errors, but we can sure troubleshoot it if ya want. http://www.silicondefense.com/techsupport/windows.htm Michael Steele | System Engineer / System Administrator mailto:michaels () silicondefense com http://www.silicondefense.com -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Raoul Armfield Sent: June 17, 2002 1:33 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Installing Snort on Win 2K I realize this is a newbie question but I am trying to install Snort 1.8.5 on a Win2K pro machine on my home network. and am getting problems with finding certain files it looks for ie. Alert.ids, in addition when I send it to alertmail.ids it seems happy (satisfied) with that but when I test configuration I get a Error msg: Error: Openpcap device() open: error opening adapter Fatal error quiting. Any ideas what causes this and if there is somewhere where I can find documentation on installing snort on WIN2K I seem to be able to find a plethora of info for flavors of unices. -- Raoul Armfield Support Specialist IT-Callcenter mailto:armfield () amnh org Central Park West at 79th Street New York, NY, 10024 212.313.7258 _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users --__--__-- Message: 12 From: "Michael Steele" <michaels () silicondefense com> To: "'Ronneil Camara'" <ronneilc () remingtonltd com> Cc: <snort-users () lists sourceforge net> Subject: RE: [Snort-users] Problem emailing alerts from ACID Date: Mon, 17 Jun 2002 17:45:12 -0700 Ronneil, Are you really sure you have Sendmail installed? Michael Steele | System Engineer / Support Technician mailto:michaels () silicondefense com Silicon Defense: IDS solutions - http://www.silicondefense.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ronneil Camara Sent: June 17, 2002 2:37 PM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] Problem emailing alerts from ACID
-----Original Message----- From: Bradley, Paul [mailto:paulb () cta com] Sent: Monday, June 17, 2002 9:31 AM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Problem emailing alerts from ACID Using SNORT 1.8.6 w/ ACID 0.9.6b21 running on RedHat 7.2. Upon attempting to email summary of events from ACID, I get the following error: "EXPORT ERROR: Could not send exported alerts to 'paulb () cta com'. Check the mail configuration in PHP. Successful EXPORT-summary - 5 alert(s)" I have checked the /usr/local/lib/php.ini file and verified: sendmail_path = '/usr/sbin/sendmail -t -i' However, I still cannot email the events. Any suggestions?
What about sending mail from within the console of your ids box using mail command? What o.s. are you running? Neil ------------------------------------------------------------------------ ---------------------------- Sponsor's Message ------------------------------------------------------------------------ ---------------------------- Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<< _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list --__--__-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest ---------------------------------------------------------------------------- Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<< _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- PureSecure is crazy François Jan (Jun 17)
- Re: PureSecure is crazy Ian Macdonald (Jun 18)
- Re: PureSecure is crazy François Jan (Jun 18)
- <Possible follow-ups>
- RE: PureSecure is crazy Robin Brown (Jun 18)
- Re: PureSecure is crazy Ian Macdonald (Jun 18)