Snort mailing list archives

Re: not write alert file


From: Hideki Hirata <hawk () nsd r-ts co jp>
Date: Tue, 18 Nov 2003 17:40:13 +0900

Thank you for the early reply.
I reconfigured and executed it just now,
but the result is unchanged.

Just because you have the icmp.rules enabled does not mean you are
alerting on every ping request.  There is not a signature in the default
icmp.rules file that fires on every ping.


1. /etc/snort/snort.conf has been changed

(omission of part)

#=========================================
# Include all relevant rulesets here
#
# shellcode, policy, info, backdoor, and virus rulesets are
# disabled by default.  These require tuning and maintance.
# Please read the included specific file for more information.
#=========================================

(omission of part)

include $RULE_PATH/icmp.rules
↓
# include $RULE_PATH/icmp.rules

Do I need to change any other configuration?

2.# snort -c /etc/snort/snort.conf (RETURN)
  # ping eth0 address (RETURN)
  # CTRL+C (RETURN)
===============================================================================
Snort analyzed 262 out of 262 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 11         (4.198%)          ALERTS: 0
    UDP: 114        (43.511%)         LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 29         (11.069%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 105        (40.076%)
DISCARD: 0          (0.000%)
===============================================================================
Wireless Stats:
Breakdown by type:
    Management Packets: 0          (0.000%)
    Control Packets:    0          (0.000%)
    Data Packets:       0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 11         (4.198%)
         Stream Trackers: 1
          Stream flushes: 2
           Segments used: 4
   Stream4 Memory Faults: 0
===============================================================================
snort Exiting

3. alert file result
[root@idstest hawk]# cd /var/log/snort
[root@idstest hawk]# ls -al

(omission of part)

-rwxrwxrwx    1 snort    snort           0 Nov 18 17:16 alert

Packets seem to be picked up, but nothing is written to the alert file.
I would appreciate any advice.
Regards.
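As an added example, not part of the thread above: the summary in step 2 reports ICMP: 0, so Snort on eth0 saw no ICMP at all, and no ICMP rule (default or otherwise) could have fired. On Linux a ping to the host's own interface address is delivered over the loopback interface and never appears on eth0, so the meaningful test is to ping the sensor from another machine (or to run Snort with -i lo while pinging locally). Once echo requests are actually reaching the capture interface, a deliberately noisy local rule confirms that the detection engine and the alert output are working end to end. The file name local.rules, the rule messages and the sids 1000001/1000002 are assumptions for this example (local rules should use sids of 1,000,000 or above so they do not collide with the distributed rule sets).

```snort
# /etc/snort/rules/local.rules  (assumed path; $RULE_PATH must point at this directory)
# Added example, not from the snort.conf quoted in the message.
#
# Enable it from snort.conf with a line next to the other rule sets, and
# leave "include $RULE_PATH/icmp.rules" uncommented:
#
#     include $RULE_PATH/local.rules

# Fire on every ICMP echo request (type 8), from anywhere to anywhere.
# Unlike the default icmp.rules this is intentionally noisy; use it only to
# prove that packets reach Snort and that alerts are written, then remove it.
alert icmp any any -> any any (msg:"LOCAL ICMP echo request seen"; itype:8; sid:1000001; rev:1; classtype:misc-activity;)

# Echo reply (type 0), so a successful ping produces a matching pair of alerts.
alert icmp any any -> any any (msg:"LOCAL ICMP echo reply seen"; itype:0; sid:1000002; rev:1; classtype:misc-activity;)
```

To check the pipeline step by step, first run `snort -A console -c /etc/snort/snort.conf -i eth0` and ping the sensor from another host: the two LOCAL alerts should print on the terminal and the ICMP counter in the exit summary should be non-zero. Only then switch back to the normal alert mode and confirm that /var/log/snort/alert grows; if the console shows alerts but the file stays at 0 bytes, the problem is in the output configuration or the directory permissions rather than in the rules.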


