Snort mailing list archives

Maximum Post-ing Speed Limit


From: "Jeremy Junginger" <jjunginger () interactcommerce com>
Date: Mon, 26 Aug 2002 10:53:08 -0700

Just a suggestion:

It appears that you are nearing the maximum post-ing speed limit. heheh.
Perhaps you should attempt to figure the problem out (apply some logical
thought to it) before posting to the group.  The snort.conf file is well
commented and quite easily used.  The questions you are asking almost
answer themselves when you read snort.conf.  I'm just trying to help you
out. If you use the groups for every little question, people will be far
less likely to help than if you were to put some thought into it.  Also,
remember that these posts live on the internet for a long time.  Good
luck and have fun with snort..


     

-Jeremy
--- Begin Message ---
From: "Uhte, Russ" <RussU () RP-L com>
Date: Mon, 26 Aug 2002 10:08:26 -0700
I would like to exclude a subnet of IP addresses from the EXTERNAL_NET
How do I go about doing this??
-Russ
 
Russ Uhte, CCNA, MCP, A+
Network Administrator
Richmond Power & Light <http://www.rp-l.com/>
Parallax Systems Division <http://www.parallax.ws/>



---

CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system.

---


--- End Message ---
--- Begin Message ---
From: "Uhte, Russ" <RussU () RP-L com>
Date: Mon, 26 Aug 2002 09:28:36 -0700
I'm running snort on a Windows 2000 machine using mysql and ACID.  What
I did was change my acid.conf line from log to alert... that fixed
my problem with logging!!
-Russ

-----Original Message-----
From: LogicET () aol com [mailto:LogicET () aol com] 
Sent: Monday, August 26, 2002 11:08 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Re: Snort -T failure


I am having the same problem as you.  If you go to a directory that
contains the snort.conf file and run snort from there, it will
initialize correctly.  When running snort from there it runs and logs
correctly.  Can anyone tell us why and how to allow snort to run when
executed from any directory?

In a message dated 8/26/2002 11:39:43 AM Eastern Daylight Time,
snort-users-request () lists sourceforge net writes:




hello,

Yesterday I wrote because I had a problem with 'unicode'. I found out
that I installed the wrong version of snortrules. Now I installed
snort-1.8.7.tar.gz and snortrules.tar.gz following the manual Snort,
MySQL, Redhat 7.2.
I tried the snort -T command again and got a new failure message: 

[root@localhost inprog]# snort -T
Log directory = /var/log/snort
Initializing Network Interface eth0
using config file /root/.snortrc
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /root/.snortrc
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
Fatal Error, Quitting.. 

I didn't find the .snortrc file on the redhat machine. Why does snort
want to use the .snortrc file to initialize and not the snort.conf file?
What can I do now to run snort?








--- End Message ---
--- Begin Message ---
From: "Uhte, Russ" <RussU () RP-L com>
Date: Mon, 26 Aug 2002 09:02:56 -0700
Hello All...
I'm having a problem with the graphing of ACID using Windows 2000 and
IIS 5.  When I try to do even the test page, I just see the little red
x's...  I've configured IIS for php and included the dblibpath, the
chartlibpath.  I've un-commented the extension=php_gd.dll in the php.ini
file...I'm not sure what I'm missing here...
Thanks,
Russ
 
Russ Uhte, CCNA, MCP, A+
Network Administrator
Richmond Power & Light <http://www.rp-l.com/>
Parallax Systems Division <http://www.parallax.ws/>





--- End Message ---
--- Begin Message ---
From: "Uhte, Russ" <RussU () RP-L com>
Date: Mon, 26 Aug 2002 09:22:36 -0700
Problem solved thanks!!
-Russ

-----Original Message-----
From: Uhte, Russ [mailto:RussU () RP-L com] 
Sent: Monday, August 26, 2002 10:54 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Snort on ACID Portscan problem


Hello all,
I can't seem to get ACID to look at my portscan.log file.  I have the
statement 

$portscan_file = "c:\snort\logs\portscan.log";

in the acid.conf file, however, when I view the site, and click portscan
traffic, nothing shows up... even when there is stuff in the
portscan.log file....

Any ideas would be appreciated!!

Thanks,

Russ

 
Russ Uhte, CCNA, MCP, A+
Network Administrator
Richmond Power & Light <http://www.rp-l.com/>
Parallax Systems Division <http://www.parallax.ws/>





--- End Message ---
--- Begin Message ---
From: "Uhte, Russ" <RussU () RP-L com>
Date: Mon, 26 Aug 2002 08:53:51 -0700
Hello all,
I can't seem to get ACID to look at my portscan.log file.  I have the
statement 

$portscan_file = "c:\snort\logs\portscan.log";

in the acid.conf file, however, when I view the site, and click portscan
traffic, nothing shows up... even when there is stuff in the
portscan.log file....

Any ideas would be appreciated!!

Thanks,

Russ

 
Russ Uhte, CCNA, MCP, A+
Network Administrator
Richmond Power & Light <http://www.rp-l.com/>
Parallax Systems Division <http://www.parallax.ws/>





--- End Message ---
