FW: Several Questions About Snort Operation

["Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>]

Previous message being forwarded...

-----Original Message-----
From: Kaplan, Andrew H. 
Sent: Friday, September 19, 2003 9:01 AM
To: 'jon baer'
Cc: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Several Questions About Snort Operation


Hi Jon,

I ran a check of the snort.conf file and everything appears to be in order.
Just in case I missed something,
I've included it as an attachment in this e-mail for your perusal. As far as
eth0 running in promiscuous mode,
the syntax you mentioned in your e-amil had been entered into the rc.local
file. I checked the /var/log/messages
file, and confirmed that eth0 was running in promiscuous mode. Thanks again
for the help.

-----Original Message-----
From: jon baer [mailto:security () jonbaer net]
Sent: Thursday, September 18, 2003 4:14 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Several Questions About Snort Operation


what does your snort.conf file look like? @ along the bottom somewhere u
should have the output processor set to log to mysql (output database:
alert,mysql, [credentials])

also make sure that interface eth0 is put into promiscious mode (ifconfig
eth0 promisc)

- jon

----- Original Message -----
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
To: <snort-users () lists sourceforge net>
Sent: Thursday, September 18, 2003 4:39 PM
Subject: [Snort-users] Several Questions About Snort Operation


> Hi there,
>
> I got Snort installed onto my system and when I run the binary from the
shell
> prompt it appears that Snort is running. The syntax that I used is:
>
> ./snort -A full -i eth0 -c /etc/snort/snort.conf -v
>
> There are some things that I am not sure about:
>
> 1. I have the ACID program up and running but I am not getting
> information to display on the screen.
> 2. When I checked the snort_db database under MySQL there was no data.
> This probably explains the situation on item 1.
> 3. What, if anything, do I need to load on remote machines in order for
> the Snort server to be able to check things out on them?
>
> Essentially it appears Snort does run on my system, but there is no data
being
> generated within the database and consequently nothing is appearing
> on the ACID console.
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Attachment: snort.conf.rtf
Description: