Snort mailing list archives
installing snort ? (john greene)
From: "Edwin Ramos" <edwinr03 () hotmail com>
Date: Fri, 12 Mar 2004 03:34:51 +0800
From: snort-users-request () lists sourceforge net
Reply-To: snort-users () lists sourceforge net
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #4037 - 10 msgs
Date: Wed, 10 Mar 2004 20:26:52 -0800

Send Snort-users mailing list submissions to
    snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
    snort-users-request () lists sourceforge net

You can reach the person managing the list at
    snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."

Today's Topics:

   1. Re: failure to generate alerts from tcpdump file (Matt Kettler)
   2. LogRep (Mike Koponick)
   3. Question about passwd file (Michael.Mulholland () dfpni gov uk)
   4. Re: Interesting problem with Snort 2.1.0 today -- (Jeremy Hewlett)
   5. Re: Question about passwd file (twig les)
   6. Snort log management (Jason Humes)
   7. Performance tuning for a G5 Xserve? (David DeCoster)
   8. installing snort ? (john greene)
   9. Patch for Snort FAQ (Jason Monroe "JC")
  10. Re: installing snort ? (Matt Kettler)

--__--__--

Message: 1
Date: Wed, 10 Mar 2004 11:03:38 -0500
To: jwang () fit edu, snort-users () lists sourceforge net
From: Matt Kettler <mkettler () evi-inc com>
Subject: Re: [Snort-users] failure to generate alerts from tcpdump file

At 03:06 AM 3/10/2004, jwang () fit edu wrote:
> am all new to snort, and just finished install and configed the
>snort.conf file, also downloaded and installed the latest ruleset from
>snort.org. but when i was trying to do the following command, it failed!
>if i take out "-c /.../snort.conf" in command line, the system will only
>give me an empty alert file?! i would like to know if there is more i have
>to config, any other command that will give me the alerts that i wanted?
>
>[root@localhost snort]# snort -s -r attack_file_8.tcpdump -c
>/etc/snort/conf/rules -c /etc/snort/conf/snort.conf
>...
>Warning: /etc/snort/conf/rules/exploit.rules(42) => Unknown keyword
>'isdataat' in rule!

Sounds like you are using rules that are too new for your version of snort.

If you are using snort 2.0. use the 2.0 rule tarball, not the 2.1 rule tarball

--__--__--

Message: 2
Date: Wed, 10 Mar 2004 09:38:07 -0800
From: "Mike Koponick" <mike () redhawk info>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] LogRep

I'm sorry if this is off topic, but I'm running into a bit of an issue.

I have installed LogRep Light, 1.4.2 in my RH9.0 box. I have installed
all the necessary perl modules, but I still get an error when running
the following command:

    perl /usr/local/logrep/bin/module-snort.pl --verbose -l /var/log/snort/snort.log -w /www/htdocs/snort -d 3 -s "month.day,from,event"

The error:

    Can't locate object method "new" via package "CGI" (perhaps you forgot to load "CGI"?) at /usr/local/logrep/bin/util/perl/Logrep/Common.pm line 128.
    Compilation failed in require at /usr/local/logrep/bin/module-snort.pl line 31.
    BEGIN failed--compilation aborted at /usr/local/logrep/bin/module-snort.pl line 31.

I'm no Perl expert so any advice would be helpful.

Thanks in advance for your help.

Mike

--__--__--

Message: 3
To: snort-users () lists sourceforge net
From: Michael.Mulholland () dfpni gov uk
Date: Wed, 10 Mar 2004 18:02:24 +0000
Subject: [Snort-users] Question about passwd file

folks,

i'm still relatively inexperienced in this field but here goes!

I can log onto my snort box from PuTTy on port 22 with my root password but
when i try it locally i get denied

i have checked the keyboard on the box is UK using the setup command and
even added an account to the /etc/passwd file as root user but when i try
to logon as the new user i get an access denied both locally and remotely

root has rw control to the passwd file and when i vi/etc/passwd i can see
the new account is held there.

any one any ideas on how i can access the box locally or check further to
see if the keyboard or locale is the problem?

thanks to anyone who takes the time to respond
michael mulholland

--__--__--

Message: 4
Date: Wed, 10 Mar 2004 14:02:01 -0500
From: Jeremy Hewlett <jh () sourcefire com>
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Interesting problem with Snort 2.1.0 today --

On Tue, Mar 09, sam () neuroflux com wrote:
> We had an interesting problem with Snort today.. Basically what happened
> was that the process started matching every single packet as the MS-SQL
> Worm Propagation attempt (sid: 2003).

Sounds like a known issue with 2.1.0. Have you tried 2.1.1?

--__--__--

Message: 5
Date: Wed, 10 Mar 2004 10:57:47 -0800 (PST)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] Question about passwd file
To: snort-users () lists sourceforge net

--- Michael.Mulholland () dfpni gov uk wrote:
> folks,
>
> i'm still relatively inexperienced in this field but here
> goes!
>
> I can log onto my snort box from PuTTy on port 22 with my root
> password but
> when i try it locally i get denied
>
> i have checked the keyboard on the box is UK using the setup
> command and
> even added an account to the /etc/passwd file as root user but
> when i try
> to logon as the new user i get an access denied both locally
> and remotely
>
> root has rw control to the passwd file and when i
> vi/etc/passwd i can see
> the new account is held there.
>
> any one any ideas on how i can access the box locally or check
> further to
> see if the keyboard or locale is the problem?
>
> thanks to anyone who takes the time to respond
> michael mulholland

This is horrifically off-topic for this list, you are looking
for general hardware troubleshooting and basic configuration
help for your OS, which you didn't even mention the name of.
Every Linux I know of has its own mailing list, try there.

=====
-----------------------------------------------------------
With a few exceptions, secrecy is deeply incompatible with democracy and with science.
--Carl Sagan
-----------------------------------------------------------

--__--__--

Message: 6
From: Jason Humes <jhumes () acs on ca>
To: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>
Date: Wed, 10 Mar 2004 14:04:08 -0500
Subject: [Snort-users] Snort log management

Hi

I've got a small network appliance running snort which I used the Echelon
CD to install. This PC network appliance only has a 3gig hard drive and I
find that it fills up quite fast with snort logs. I log to a mysql database
and I was wondering if there is any sort of automatic log archiving/deleting
function or some way of doing a RRD type of database.

Thanks

Jason D. Humes

--__--__--

Message: 7
Date: Wed, 10 Mar 2004 13:23:09 -0600
From: David DeCoster <decoster () engr wisc edu>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] Performance tuning for a G5 Xserve?

Hello all,

I am currently in the process of doing performance testing of Snort 2.1.1 on
a variety of platforms, including the Apple G5 running OS X 10.3. I know
there is a bunch of tuning that can be done to improve the performance of a
snort sensor running on linux such as low-latency kernel patches and TCP/IP
stack tuning (this is how our current snort sensors are set up). For the
last 2 years I have had good luck with this arrangement.

What I don't know is the following: Is there any way to tweak OS X 10.3 to
improve the performance? I have done quite a few web searches for
information of this kind and I have come up blank (with the exception of
Henwen). Any information would be greatly appreciated.

Thanks,
-dave

--__--__--

Message: 8
Date: Wed, 10 Mar 2004 16:46:15 -0800 (PST)
From: john greene <john_g123_12 () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] installing snort ?

at the download page there are files to download for
snort *.tar.gz starting from April 2003 to Feb 2004

how are these to be installed ? do they have to be
compiled on individual desktops ? with make ?

--__--__--

Message: 9
From: "Jason Monroe \"JC\"" <monroe () nas nasa gov>
To: snort-users () lists sourceforge net
Date: Wed, 10 Mar 2004 17:14:50 -0800
Subject: [Snort-users] Patch for Snort FAQ

Please accept this patch for FAQ section 6.1

Thanks,
JC

[Attachment: Faq.patch (text/x-patch)]

--__--__--

Message: 10
Date: Wed, 10 Mar 2004 21:04:11 -0500
To: john greene <john_g123_12 () yahoo com>, snort-users () lists sourceforge net
From: Matt Kettler <mkettler () evi-inc com>
Subject: Re: [Snort-users] installing snort ?

At 07:46 PM 3/10/2004, john greene wrote:
>at the download page there are files to download for
>snort *.tar.gz starting from April 2003 to Feb 2004
>
>how are these to be installed ?

The same way nearly all tarball packages are done:

    tar -xzf snort*.tar.gz
    cd snort*
    ./configure
    make
    make install

Or you could read the INSTALL file that's inside doc directory of the tarball.

Note: all of the above assumes you're running snort on a unix or unix-like
platform. If you're going to run on windows, download the precompiled win32
binaries.. compiling for windows is not an entirely simple task due to
snort's unix-ish roots.

The win32 binaries are at:
    http://www.snort.org/dl/binaries/win32/

And they will require that you get and install winpcap.

You might also want to check out www.winsnort.com, they've got lots of good
install guides and goodies tailored to the win32 user.

--__--__--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users

End of Snort-users Digest
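The "Unknown keyword 'isdataat'" warning in Message 1 comes from loading a ruleset newer than the installed Snort; the sketch below lists the option keywords a rules file uses that are outside a known set, so the mismatch shows up before Snort is started. It is an added example, not code from any poster or from the Snort project: the SUPPORTED set is a constructed, partial stand-in for what a given build accepts, and the function names and sample rules are made up for illustration.

```python
# Constructed, partial stand-in for the options an older Snort build accepts.
# It is NOT an authoritative keyword list for any Snort release.
SUPPORTED = {"msg", "content", "nocase", "offset", "depth", "flow",
             "reference", "classtype", "sid", "rev"}


def split_options(body):
    """Split a rule's option body on ';', honouring quotes and backslash escapes."""
    opts, cur, in_quote, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not in_quote and not escaped:
            opts.append(cur.strip())
            cur = ""
            continue
        if ch == '"' and not escaped:
            in_quote = not in_quote
        escaped = (ch == "\\" and not escaped)
        cur += ch
    opts.append(cur.strip())
    return [o for o in opts if o]


def unknown_keywords(rules_text, supported, filename="rules"):
    """Return (location, keyword) for each option keyword not in `supported`.

    Assumes one rule per line (no backslash line continuations).
    """
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        start, end = line.find("("), line.rfind(")")
        if line.startswith("#") or start == -1 or end < start:
            continue  # comment, blank line, or no option body (var/include)
        for opt in split_options(line[start + 1:end]):
            keyword = opt.split(":", 1)[0].strip().lower()
            if keyword not in supported:
                # Same file(line) form as the warning quoted in Message 1.
                findings.append((f"{filename}({lineno})", keyword))
    return findings


# Constructed sample rules: line 2 uses an option the set above lacks.
SAMPLE = '''# constructed sample, not from snort.org
alert tcp any any -> any 80 (msg:"demo; quoted semicolon"; content:"|90 90|"; isdataat:100,relative; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"demo ftp"; content:"USER"; nocase; sid:1000002; rev:1;)
'''

if __name__ == "__main__":
    for where, kw in unknown_keywords(SAMPLE, SUPPORTED, "exploit.rules"):
        print(f"{where} => keyword '{kw}' is not in the supported set")
```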