Snort mailing list archives

RE: Snort testing


From: "Patrick Harper" <patrick.harper () phns com>
Date: Thu, 8 Apr 2004 09:17:51 -0500

Look in /var/log/snort for an alert file. If it is there then you have a
db connection problem.  Double check the snort.conf output line and the
acid_conf.php to make sure that everything is correct.  Is mysql
running?


Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper () phns com 

-----Original Message-----
From: David Nardoni [mailto:dnardoni () firstresponseconsulting com] 
Sent: Wednesday, April 07, 2004 1:58 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort testing


I am very new to snort and I need some help on getting it running
correctly.  It appears that snort is running but not accumulating
alerts. I followed the SNORT, PHP, Apache, MySQL and ACID install guide
by Patrick Harper.

Here is what I get when I run ps -ef | grep snort:

/usr/local/bin/snort -c /etc/snort/snort.conf -I eth0 -g snort -D

When I run a nmap scan on the ip address it does not generate any
alerts.

This is a system set up on a local LAN attached to a hub.  

I have even run sneeze and received no alerts.

Any help would be appreciated.

David Nardoni CISSP
First Response Consulting Services, Inc.  
dnardoni () firstresponseconsulting com 




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 
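
The checks Harper lists, as an added script that is not part of the original thread: it reports whether alert data exists on disk and whether the "output database:" line in snort.conf agrees with acid_conf.php. The key names (user, dbname, host, $alert_dbname, $alert_host, $alert_user) are assumed from the stock Snort and ACID configuration files, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread; the sample files below are constructed.

# Value of KEY on the first uncommented "output database:" line of snort.conf.
snort_db_field() {  # usage: snort_db_field <snort.conf> <key>
    sed -n 's/^[[:space:]]*output[[:space:]]*database:[[:space:]]*//p' "$1" |
        head -n 1 | tr ' ,' '\n\n' | sed -n "s/^${2}=//p" | head -n 1
}

# Value assigned to $NAME in acid_conf.php (single- or double-quoted string).
acid_field() {  # usage: acid_field <acid_conf.php> <name without the dollar sign>
    grep "^[[:space:]]*[$]${2}[[:space:]]*=" "$1" | head -n 1 |
        sed "s/^[^\"']*[\"']\([^\"']*\).*/\1/"
}

# Print each setting that differs; the return status is the number of mismatches.
compare_db_settings() {  # usage: compare_db_settings <snort.conf> <acid_conf.php>
    bad=0
    for pair in dbname:alert_dbname host:alert_host user:alert_user; do
        s=$(snort_db_field "$1" "${pair%%:*}")
        a=$(acid_field "$2" "${pair##*:}")
        [ "$s" = "$a" ] && continue
        echo "MISMATCH ${pair%%:*}: snort.conf='$s' acid_conf.php='$a'"
        bad=$((bad + 1))
    done
    return "$bad"
}

# The thread's first check: a non-empty alert file points at the database side.
alert_file_state() {  # usage: alert_file_state <logdir>
    if [ -s "$1/alert" ]; then echo present; else echo missing; fi
}

# Demo on constructed files in a scratch directory (dbname deliberately differs).
demo=$(mktemp -d)
cat > "$demo/snort.conf" <<'EOF'
# output database: log, mysql, user=root dbname=old host=localhost
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
cat > "$demo/acid_conf.php" <<'EOF'
$alert_dbname   = "snort_log";
$alert_host     = "localhost";
$alert_user     = "snort";
EOF
echo "alert file: $(alert_file_state "$demo")"
compare_db_settings "$demo/snort.conf" "$demo/acid_conf.php" || echo "fix the lines above"
rm -rf "$demo"
```

On a real sensor the arguments would be /var/log/snort, /etc/snort/snort.conf and the acid_conf.php in the web root; whether mysqld is running still has to be checked separately.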






