Snort mailing list archives

RE: My BASE did not have any alerts


From: "Adam Kliarsky" <360air () comcast net>
Date: Sun, 17 Apr 2005 09:19:36 -0700

Yeah, Nessus should produce all sorts of red on your BASE console.
OK, assuming you're on a *nix system, do the following:

1. check for the running snort process ("ps -aux | grep snort")
You should see two entries if snort is running (one for the process, and one
for your ps query)
If snort is not running, start it up ("snort -c <path to snort.conf> -i
<interface>")

2. packet dump on the same interface to make sure libpcap is working and
capturing packets
 - "snort -dv -i <interface>" - this will display the packets to the screen
so you can check

3. check the logs to see if you are getting mysql login errors or other
similar
 - (/var/log/messages)

4. did you verify that you can login to MySQL with the user supplied in
snort.conf?

5. check base_conf.php:
 - $DBtype = "mysql";
 - $alert_dbname = "snort";
 - $alert_host = "localhost";
 - $alert_user = "snort";
 - $alert_password = "your own password";

Let me know if that produces anything - 

Adam
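
[Added example, not part of the original e-mails.] Steps 4 and 5 above come down to whether the "output database:" line in snort.conf and the $alert_* settings in base_conf.php name the same database and credentials. The bash functions below compare the two files; the function names and all sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: do snort.conf and base_conf.php point at the same database?
# All file contents below are constructed samples.

# Print KEY's value from the active (uncommented) "output database:" line.
snort_db_field() {   # usage: snort_db_field <snort.conf> <key>
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | head -n 1 |
        tr ' ,' '\n\n' | sed -n "s/^${2}=//p" | head -n 1
}

# Print the quoted value assigned to $VAR in base_conf.php.
base_conf_field() {  # usage: base_conf_field <base_conf.php> <var>
    sed -n "s/^[[:space:]]*\\\$${2}[[:space:]]*=[[:space:]]*[\"']\\([^\"']*\\)[\"'].*/\\1/p" \
        "$1" | head -n 1
}

# Report settings that differ (names only, never values); return the count.
check_db_settings() {  # usage: check_db_settings <snort.conf> <base_conf.php>
    local bad=0 pair s b
    if ! grep -Eq '^[[:space:]]*output[[:space:]]+database:' "$1"; then
        echo "no active 'output database:' line in $1"; return 99
    fi
    for pair in user:alert_user password:alert_password \
                dbname:alert_dbname host:alert_host; do
        s=$(snort_db_field "$1" "${pair%%:*}")
        b=$(base_conf_field "$2" "${pair##*:}")
        if [ "$s" != "$b" ]; then
            echo "mismatch: snort.conf ${pair%%:*} vs base_conf.php \$${pair##*:}"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

demo_dir=$(mktemp -d)
cat > "$demo_dir/snort.conf" <<'EOF'
# output database: log, mysql, user=root password=old dbname=test host=localhost
output database: log, mysql, user=snort password=s3cret dbname=snort host=localhost
EOF
cat > "$demo_dir/base_conf.php" <<'EOF'
<?php
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_user = "snort";
$alert_password = "different";
EOF
check_db_settings "$demo_dir/snort.conf" "$demo_dir/base_conf.php" ||
    echo "check failed (exit status $?)"
```

An exit status of 0 means the four settings agree; 99 means snort.conf has no uncommented "output database:" line, so Snort is not logging to the database at all.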

-----Original Message-----
From: mr leokenzie [mailto:tenminustwo () hotmail com] 
Sent: Sunday, April 17, 2005 8:38 AM
To: 360air () comcast net
Subject: RE: [Snort-users] My BASE did not have any alerts

1. I'm not sure whether I started running snort, but I did run the database
2. I have not checked whether there's an error
3. output plugin is configured as follows (output database: log, mysql, user=snort password=myown password dbname=snort host=localhost)
4. what do you mean by dump on the interface to ensure it receives the packet

When I scan with Nessus, does BASE actually show the results and stats?
Thanks

From: "Adam Kliarsky" <360air () comcast net>
Reply-To: <360air () comcast net>
To: "'mr leokenzie'" 
<tenminustwo () hotmail com>,<snort-users () lists sourceforge net>
Subject: RE: [Snort-users] My BASE did not have any alerts
Date: Sat, 16 Apr 2005 18:37:26 -0700

This could be related to several things - can you describe your system 
(platform, db, etc)?
- did you verify snort & database processes are running? Did you 
restart them?
- do you see any errors (/var/log/messages)
- is the output plugin in snort.conf configured properly
 (output database: log, mysql, user=??? password=??? dbname=???
host=localhost)
- did you dump on the interface to ensure you're receiving packets?


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of mr 
leokenzie
Sent: Friday, April 15, 2005 12:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] My BASE did not have any alerts

What have I done wrong?
I did a scan with Nessus but when I go to my BASE website it did not 
display anything.
Why is that?
I made it focus on port 80 and targeted it at my own IP address. Please 
kindly help.
Thanks




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid 
reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


