Snort mailing list archives

Re: Snort Reporting and logs


From: "Atkins, Dwane P" <ATKINSD () uthscsa edu>
Date: Thu, 13 Jan 2011 07:17:46 -0600

It shows it trying to load?  I am guessing this is what the “?” in the PID means?

Dwane

ps -ef | grep snort
root      1432  1206  0 Jan12 ?        00:01:57 /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
dubay     2109  2080  0 07:21 pts/0    00:00:00 grep --color=auto snort

From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Wednesday, January 12, 2011 5:29 PM
To: Atkins, Dwane P
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Reporting and logs

Are you sure Snort is still running, and on the correct interface?

Sent from my iPad

On Jan 12, 2011, at 5:56 PM, "Atkins, Dwane P" <ATKINSD () uthscsa edu> wrote:
Snort 2.9.0.3 has been installed on a PowerEdge 2850.  I have a pretty decent hard drive on it and more if I need to do 
LVM.  However, when I try to use the http://snortbox/snortreport-1.3.1/alerts.php, it will not view.  So I look to see 
if I am actually logging packets and I go to /var/log/snort and I see the barnyard2.waldo has not been updated in 
almost 17 hours and that snort.u2.12$$$$$$ has not been updated for 17 hours either.  This is the busiest VLAN on 
campus and I am sure it will always be updated.

My questions are:

1.)     How do I ensure that the logging continues?  Why does it stop like that?  And

2.)     Is there a reporting tool that is more reliable for me than SnortReports, and if so, what do you all recommend, 
and are there instructions for both installation and extrapolating the proper traffic from the Snort sensors?

Thanks

Dwane

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
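
The two things this thread asks about, whether a Snort process is actually present in the `ps -ef` output and whether the files under /var/log/snort are still being written, can be checked with a small script. This is an added example, not part of the original messages; the function names and the freshness threshold are assumptions, while the paths and the sample `ps -ef` text come from the message above.

```shell
#!/bin/sh
# Added example: sensor health checks for the symptoms described in this thread.

# Return 0 if `ps -ef` text on stdin contains a process whose executable
# is named exactly "snort" (barnyard2 and the grep itself do not count).
snort_running() {
    awk '{ n = split($8, p, "/"); if (p[n] == "snort") found = 1 }
         END { exit(found ? 0 : 1) }'
}

# is_fresh FILE MAX_MIN: return 0 if FILE exists and was modified
# less than MAX_MIN minutes ago.
is_fresh() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -mmin "-$2" 2>/dev/null)" ]
}

# Print the most recently modified unified2 file in DIR (prefix snort.u2).
newest_u2() {
    ls -t "$1"/snort.u2.* 2>/dev/null | head -n 1
}

# check_sensor DIR MAX_MIN: print findings, return non-zero on any problem.
check_sensor() {
    dir=$1; max=$2; rc=0
    if ! ps -ef | snort_running; then
        echo "no snort process found"; rc=1
    fi
    u2=$(newest_u2 "$dir")
    if [ -z "$u2" ] || ! is_fresh "$u2" "$max"; then
        echo "unified2 output stale or missing in $dir"; rc=1
    fi
    if ! is_fresh "$dir/barnyard2.waldo" "$max"; then
        echo "barnyard2.waldo not updated in $max minutes"; rc=1
    fi
    return $rc
}

# ps -ef output from the message above, rejoined onto one line per process.
SAMPLE_PS='root      1432  1206  0 Jan12 ?        00:01:57 /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
dubay     2109  2080  0 07:21 pts/0    00:00:00 grep --color=auto snort'
```

Run from cron as `check_sensor /var/log/snort 10`, a non-zero exit can drive an alert; the 10-minute threshold is an assumed value to tune per sensor.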
