Snort mailing list archives
RE: Help with SnortCenter
From: "Morgan R. Elmore" <Morgan () SEEMAC COM>
Date: Mon, 20 Jan 2003 09:10:25 -0500
Your best bet is to break it down into the simplest parts. 1. Make sure that snortcenter console got a good push to the agent. Verify it by checking to make sure the file exists. 2. Make sure that the interface you are sniffing on is enabled. 3. See if you can start snort manually with the agent .conf file. My bet is option two (because it happened to me). -----Original Message----- From: Counselman, Chris Contractor/Sverdrup [mailto:chris.counselman () us army mil] Sent: Friday, January 17, 2003 3:15 PM To: 'Erick Mechler'; Matt T. Galvin Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] Help with SnortCenter I am having the same problem. I have the front end and agent setup and can interact with the sensors to a limited degree. I am running snortcenter .9.6 on redhat 8.0 using snort 1.9.0. I updated the rules from the internet, setup the database, and did everything else the setup said to. When I attempt to restart the snort service snortcenter stops the snort daemon but cannot properly start it nor can I push rules or the .conf file out. Where does snortcenter default to when it is uploading rules and the conf files to the sensors? Where can I change this value? Is there any good documentation on snortcenter other than the snortcenter/acid/redhat 7.3 guide or what you can find on the snortcenter website? Thanks, Chris -----Original Message----- From: Erick Mechler [mailto:emechler () techometer net] Sent: Friday, January 17, 2003 1:23 PM To: Matt T. Galvin Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Help with SnortCenter :: I am having trouble getting snort center to see the rules and in turn :: actually do anything, the web interface is all set up and the sensor is :: set up but the rules are not being seen. How can i get this to work, i :: have tried editing every config var i can find a few different ways and :: have had no luck, I'm confused. Are you saying that you don't have any rules in snortcenter to push to your sensors? By default, snortcenter doesn't ship with any signatures, so you have to go do the Rules menu, and select "Update/Import rules" to actually get signatures into the DB. Once you've done that, you can use snortcenter to select which rules you want pushed to your sensors. Sorry if this isn't what you're asking; more information would be good. Cheers - Erick ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help with SnortCenter Matt T. Galvin (Jan 17)
- Re: Help with SnortCenter Erick Mechler (Jan 17)
- <Possible follow-ups>
- RE: Help with SnortCenter Counselman, Chris Contractor/Sverdrup (Jan 18)
- Re: Help with SnortCenter Erick Mechler (Jan 17)
- RE: Help with SnortCenter Morgan R. Elmore (Jan 20)