Snort mailing list archives

installing snort ? (john greene)


From: "Edwin Ramos" <edwinr03 () hotmail com>
Date: Fri, 12 Mar 2004 03:34:51 +0800




From: snort-users-request () lists sourceforge net
Reply-To: snort-users () lists sourceforge net
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #4037 - 10 msgs
Date: Wed, 10 Mar 2004 20:26:52 -0800

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. Re: failure to generate alerts from tcpdump file (Matt Kettler)
   2. LogRep (Mike Koponick)
   3. Question about passwd file (Michael.Mulholland () dfpni gov uk)
   4. Re: Interesting problem with Snort 2.1.0 today -- (Jeremy Hewlett)
   5. Re: Question about passwd file (twig les)
   6. Snort log management (Jason Humes)
   7. Performance tuning for a G5 Xserve? (David DeCoster)
   8. installing snort ? (john greene)
   9. Patch for Snort FAQ (Jason Monroe "JC")
  10. Re: installing snort ? (Matt Kettler)

--__--__--

Message: 1
Date: Wed, 10 Mar 2004 11:03:38 -0500
To: jwang () fit edu, snort-users () lists sourceforge net
From: Matt Kettler <mkettler () evi-inc com>
Subject: Re: [Snort-users] failure to generate alerts from tcpdump file

At 03:06 AM 3/10/2004, jwang () fit edu wrote:
>I am all new to snort, and just finished install and configured the
>snort.conf file, also downloaded and installed the latest ruleset from
>snort.org. but when i was trying to do the following command, it failed!
>if i take out "-c /.../snort.conf" in command line, the system will only
>give me an empty alert file?! i would like to know if there is more i have
>to config, any other command that will give me the alerts that i wanted?
>
>[root@localhost snort]# snort -s -r attack_file_8.tcpdump -c
>/etc/snort/conf/rules -c /etc/snort/conf/snort.conf
>...
>Warning: /etc/snort/conf/rules/exploit.rules(42) => Unknown keyword
>'isdataat' in rule!

Sounds like you are using rules that are too new for your version of snort.

If you are using snort 2.0, use the 2.0 rule tarball, not the 2.1 rule tarball.
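
[Added example, not part of the original message and not Snort's own code: a small Python parser for the "Unknown keyword" warning format quoted above. It groups the warnings by keyword and by rules file, so a ruleset that is newer than the installed engine shows up as one keyword repeated across many rules. The function names and all sample lines except the exploit.rules(42) warning are constructed for illustration.]

```python
import re
from collections import Counter, defaultdict

# Warning format as quoted in the message above.
WARNING_RE = re.compile(
    r"^Warning:\s+(?P<path>\S+)\((?P<line>\d+)\)\s+=>\s+"
    r"Unknown keyword\s+'(?P<keyword>[^']+)' in rule!$"
)

def unknown_keywords(startup_output):
    """Map each unknown keyword to the sorted (rules file, line) pairs using it."""
    hits = defaultdict(list)
    pending = ""
    for raw in startup_output.splitlines():
        line = raw.strip()
        # Mail clients and terminals may wrap a warning; rejoin one continuation.
        if pending and not line.startswith("Warning:"):
            line = pending + " " + line
        pending = ""
        if line.startswith("Warning:") and not line.endswith("!"):
            pending = line
            continue
        m = WARNING_RE.match(line)
        if m:
            hits[m["keyword"]].append((m["path"], int(m["line"])))
    return {kw: sorted(locs) for kw, locs in hits.items()}

def rules_per_file(hits):
    """Count rejected rules per rules file, across all unknown keywords."""
    counts = Counter()
    for locs in hits.values():
        counts.update(path for path, _ in locs)
    return dict(counts)

# Constructed sample: the first warning is the one from the message (wrapped
# as it was in the mail); the remaining lines are made up for illustration.
SAMPLE = """\
Initializing rule chains...
Warning: /etc/snort/conf/rules/exploit.rules(42) => Unknown keyword
'isdataat' in rule!
Warning: /etc/snort/conf/rules/exploit.rules(57) => Unknown keyword 'isdataat' in rule!
Warning: /etc/snort/conf/rules/web-misc.rules(12) => Unknown keyword 'isdataat' in rule!
"""

if __name__ == "__main__":
    found = unknown_keywords(SAMPLE)
    for keyword, locs in found.items():
        print(f"{keyword}: {len(locs)} rule(s) not understood by this engine")
    for path, n in rules_per_file(found).items():
        print(f"  {path}: {n}")
```
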



--__--__--

Message: 2
Date: Wed, 10 Mar 2004 09:38:07 -0800
From: "Mike Koponick" <mike () redhawk info>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] LogRep

I'm sorry if this is off topic, but I'm running into a bit of an issue.

I have installed LogRep Light, 1.4.2 in my RH9.0 box. I have installed
all the necessary perl modules, but I still get an error when running
the following command:

perl /usr/local/logrep/bin/module-snort.pl --verbose -l
/var/log/snort/snort.log -w /www/htdocs/snort -d 3 -s
"month.day,from,event"

The error:

Can't locate object method "new" via package "CGI" (perhaps you forgot
to load "CGI"?) at /usr/local/logrep/bin/util/perl/Logrep/Common.pm line
128.
Compilation failed in require at /usr/local/logrep/bin/module-snort.pl
line 31.
BEGIN failed--compilation aborted at
/usr/local/logrep/bin/module-snort.pl line 31.

I'm no Perl expert so any advice would be helpful.


Thanks in advance for your help.

Mike




--__--__--

Message: 3
To: snort-users () lists sourceforge net
From: Michael.Mulholland () dfpni gov uk
Date: Wed, 10 Mar 2004 18:02:24 +0000
Subject: [Snort-users] Question about passwd file





folks,

i'm still relatively inexperienced in this field but here goes!

I can log onto my snort box from PuTTY on port 22 with my root password but
when i try it locally i get denied

i have checked the keyboard on the box is UK using the setup command and
even added an account to the /etc/passwd file as root user but when i try
to logon as the new user i get an access denied both locally and remotely

root has rw control to the passwd file and when i vi /etc/passwd i can see
the new account is held there.

any one any ideas on how i can access the box locally or check further to
see if the keyboard or locale is the problem?

thanks to anyone who takes the time to respond
michael mulholland







--__--__--

Message: 4
Date: Wed, 10 Mar 2004 14:02:01 -0500
From: Jeremy Hewlett <jh () sourcefire com>
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Interesting problem with Snort 2.1.0 today --

On Tue, Mar 09, sam () neuroflux com wrote:
> We had an interesting problem with Snort today.. Basically what happened
> was that the process started matching every single packet as the MS-SQL
> Worm Propagation attempt (sid: 2003).

Sounds like a known issue with 2.1.0. Have you tried 2.1.1?



--__--__--

Message: 5
Date: Wed, 10 Mar 2004 10:57:47 -0800 (PST)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] Question about passwd file
To: snort-users () lists sourceforge net


--- Michael.Mulholland () dfpni gov uk wrote:
>
>
>
>
> folks,
>
> i'm still relatively inexperienced in this field but here
> goes!
>
> I can log onto my snort box from PuTTY on port 22 with my root
> password but
> when i try it locally i get denied
>
> i have checked the keyboard on the box is UK using the setup
> command and
> even added an account to the /etc/passwd file as root user but
> when i try
> to logon as the new user i get an access denied both locally
> and remotely
>
> root has rw control to the passwd file and when i
> vi /etc/passwd i can see
> the new account is held there.
>
> any one any ideas on how i can access the box locally or check
> further to
> see if the keyboard or locale is the problem?
>
> thanks to anyone who takes the time to respond
> michael mulholland
>
>

This is horrifically off-topic for this list, you are looking
for general hardware troubleshooting and basic configuration
help for your OS, which you didn't even mention the name of.
Every Linux I know of has its own mailing list, try there.

=====
-----------------------------------------------------------
With a few exceptions, secrecy is deeply incompatible with
democracy and with science.
     --Carl Sagan
-----------------------------------------------------------



--__--__--

Message: 6
From: Jason Humes <jhumes () acs on ca>
To: "'snort-users () lists sourceforge net'"
         <snort-users () lists sourceforge net>
Date: Wed, 10 Mar 2004 14:04:08 -0500
Subject: [Snort-users] Snort log management

Hi
I've got a small network appliance running snort which I used the Echelon CD
to install. This PC network appliance only has a 3gig hard drive and I find
that it fills up quite fast with snort logs.  I log to a mysql database and
I was wondering if there is any sort of automatic log archiving/deleting
function or some way of doing a RRD type of database.  Thanks

Jason D. Humes






--__--__--

Message: 7
Date: Wed, 10 Mar 2004 13:23:09 -0600
From: David DeCoster <decoster () engr wisc edu>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] Performance tuning for a G5 Xserve?

Hello all,

I am currently in the process of doing performance testing of Snort 2.1.1 on
a variety of platforms, including the Apple G5 running OS X 10.3.

I know there is a bunch of tuning that can be done to improve the
performance of a snort sensor running on linux such as low-latency kernel
patches and TCP/IP stack tuning (this is how our current snort sensors are
set up).  For the last 2 years I have had good luck with this arrangement.

What I don't know is the following:  Is there any way to tweak OS X 10.3 to
improve the performance?  I have done quite a few web searches for
information of this kind and I have come up blank (with the exception of
Henwen).

Any information would be greatly appreciated.

Thanks,

-dave



--__--__--

Message: 8
Date: Wed, 10 Mar 2004 16:46:15 -0800 (PST)
From: john greene <john_g123_12 () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] installing snort ?

at the download page there are files to download for
snort *.tar.gz starting from April 2003 to Feb 2004

how are these to be installed ?
do they have to be compiled on individual desktops
?with make ?





--__--__--

Message: 9
From: "Jason Monroe \"JC\"" <monroe () nas nasa gov>
To: snort-users () lists sourceforge net
Date: Wed, 10 Mar 2004 17:14:50 -0800
Subject: [Snort-users] Patch for Snort FAQ



Please accept this patch for FAQ section 6.1

Thanks,

JC



--__--__--

Message: 10
Date: Wed, 10 Mar 2004 21:04:11 -0500
To: john greene <john_g123_12 () yahoo com>, snort-users () lists sourceforge net
From: Matt Kettler <mkettler () evi-inc com>
Subject: Re: [Snort-users] installing snort ?

At 07:46 PM 3/10/2004, john greene wrote:
>at the download page there are files to download for
>snort *.tar.gz starting from April 2003 to Feb 2004
>
>how are these to be installed ?

The same way nearly all tarball packages are done:

tar -xzf snort*.tar.gz
cd snort*
./configure
make
make install

Or you could read the INSTALL file that's inside the doc directory of the tarball.

Note: all of the above assumes you're running snort on a unix or unix-like
platform. If you're going to run on windows, download the precompiled win32
binaries.. compiling for windows is not an entirely simple task due to
snort's unix-ish roots.

The win32 binaries are at:
http://www.snort.org/dl/binaries/win32/

And they will require that you get and install winpcap.

You might also want to check out www.winsnort.com, they've got lots of good
install guides and goodies tailored to the win32 user.




--__--__--



End of Snort-users Digest
