Snort mailing list archives

RE: Snort and acid prob!!! Acid not running :(


From: "Murray, Todd" <Todd.Murray () adidasus com>
Date: Wed, 14 Jul 2004 12:39:06 -0700

Look at your action stats.  Snort didn't log any data.  Start snort as a
daemon service with the -D switch.  Then check /var/log/messages to make
sure it's loading the rules.  You'll find it reports the number of rules
loaded at the end.  If it's loading them all, then leave it up and running and
get yourself a port scanner and scan your sensor.  You might also try
running a vulnerability scan on the sensor with the MS baseline scanner.
Either should trigger rules.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Aparna Mangla
Sent: Wednesday, July 14, 2004 3:12 AM
To: Patrick S. Harper; nwoliver () internetsecurityguru com;
snort-users () lists sourceforge net
Subject: [Snort-users] Snort and acid prob!!! Acid not running :(

Hi,
Please help me urgently.

I have installed snort-2.0.2 with acid 0.9.6b23 on redhat 9. I think I
followed all the steps correctly, and when I run:
snort -c /etc/snort/snort.conf
I get the following output at the end:


===============================================================================
Snort analyzed 471 out of 471 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 29         (6.157%)          ALERTS: 0
    UDP: 208        (44.161%)         LOGGED: 0
   ICMP: 89         (18.896%)         PASSED: 0
    ARP: 90         (19.108%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 55         (11.677%)
DISCARD: 0          (0.000%)
===============================================================================
Wireless Stats:
Breakdown by type:
    Management Packets: 0          (0.000%)
    Control Packets:    0          (0.000%)
    Data Packets:       0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 29         (6.157%)
         Stream Trackers: 9
          Stream flushes: 0
           Segments used: 0
   Stream4 Memory Faults: 0
===============================================================================
database: Closing connection to database "snort"
Snort exiting

Now, when I start the httpd interface, I get 0 alerts, 0 sensors, 0%
UDP, 0% TCP... as though it is inactive.
I am connected on a LAN of 50 PCs.
Please tell me how to correct it.
Hoping for an urgent reply.
Thanking you,
Aparna Mangla


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
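
The action-stats check from the reply above, as an added example that is not part of the original messages: it parses the two-column "Breakdown by protocol / Action Stats" table of a Snort exit summary and flags a run where packets were analyzed but nothing was alerted or logged. The function names and the sample text are constructed for illustration and assume the summary layout quoted in this thread.

```python
import re

# Constructed sample in the layout of the exit summary quoted in the thread.
SAMPLE = """\
Snort analyzed 471 out of 471 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 29         (6.157%)          ALERTS: 0
    UDP: 208        (44.161%)         LOGGED: 0
   ICMP: 89         (18.896%)         PASSED: 0
    ARP: 90         (19.108%)
"""

HEADER = re.compile(r"Snort analyzed (\d+) out of (\d+) packets, dropping (\d+)")
# Every "NAME: count" pair on a line, so both table columns are picked up.
COUNTER = re.compile(r"([A-Za-z0-9]+):\s+(\d+)\b")
ACTIONS = ("ALERTS", "LOGGED", "PASSED")


def parse_summary(text):
    """Return packet totals, per-protocol counts and action counts."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no 'Snort analyzed' line found")
    stats = {"analyzed": int(m.group(1)), "seen": int(m.group(2)),
             "dropped": int(m.group(3)), "protocols": {}, "actions": {}}
    for line in text[m.end():].splitlines():
        if line.startswith("="):
            break  # separator: the wireless/frag/stream sections follow
        for name, count in COUNTER.findall(line):
            key = "actions" if name in ACTIONS else "protocols"
            stats[key][name] = int(count)
    return stats


def diagnose(stats):
    """Return findings for the symptom in the thread: traffic seen, nothing fired."""
    findings = []
    acts = stats["actions"]
    if stats["analyzed"] > 0 and acts.get("ALERTS") == 0 and acts.get("LOGGED") == 0:
        findings.append(
            f"{stats['analyzed']} packets analyzed but ALERTS=0 and LOGGED=0: "
            "confirm the rule count reported at startup, then send test traffic")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_summary(SAMPLE)):
        print(finding)
```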



