Snort mailing list archives

RE: Snort isn't doing anything..


From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Wed, 2 Mar 2005 17:11:45 -0600

Is it a true hub? Some hubs are really switches.  The archives have a
lot about this issue.  What make and model?

-----Original Message-----
From: Marc Hering [mailto:mhering () reval com] 
Sent: Wednesday, March 02, 2005 4:09 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort isn't doing anything..

Hey Everyone...

I just set up my first snort box running on Fedora Core 3.  I installed
everything, including ACID, and started snort up... It starts up just fine
and a ps auxww |grep snort shows that the app is running..
 
502       3740  0.7 14.5 41444 37196 ?       Ss   16:56   0:01 /usr/local/bin/snort -c /usr/local/snort/etc/snort.conf -i eth1 -g snortgroup -D -u snortuser

 
However, if I run an nmap scan (doesn't matter what options) on any host
on my network (Snort can see it, it's on a hub) it doesn't log anything.
So far it's only logged 1 alert for a SQL scan..  I have tried updating
the rules to no avail...
 
My snort.conf is the default out of the box setup; the only things I
have changed are as follows:
 
*********************** Changed items in snort.conf ***********************
var RULE_PATH /usr/local/snort/rules
 
 
output database: log, mysql, user=thepropersnortuser password=snortuserspassword dbname=thesnortdatabase host=localhost
  (Names have been changed to protect the innocent  :) )
 
 output alert_syslog: LOG_LOCAL3
 output alert_fast: snort.log
 output alert_full: alert.full
************************************************

 
 
From what I can understand....this SHOULD work, is there something I
have missed????
 
Thanks


