Re: Only an empty Alert file :(

[Balasubramaniam Natarajan <bala150985 () gmail com>]

HI Dean,

You need to edit your snort.conf file and include the new rule which you
have created.  Only then it would capture it.

Try to create the file under local.rule file under the rules directory as
it is already included in the snort.conf

Let me konw if that works.

On Mon, Mar 12, 2012 at 4:10 AM, Dean Farwood <dean_farwood () comcast net>wrote:

> Hello,****
>
> ** **
>
> I’m running Snort 2.8.5.2 (Build 121) on Ubuntu 11.10 with
> 3.0.0-16-generic kernel.****
>
> ** **
>
> I have written the following rule called */etc/snort/rules/password.rules*
> :****
>
> ** **
>
> alert tcp any any <> 192.168.1.110 any (content:”password”; msg:”Potential
> Password Violation”; sid: 11995522;)****
>
> ** **
>
> My snort command is:****
>
> snort -dev -c /etc/snort/snort.conf -l /etc/snort/log2 -K ascii****
>
> ** **
>
> I then transfer a file with the word “password” in it from the Linux
> system to a Windows system using Samba. The packets are captured as
> evidenced by the terminal display. The Windows system successfully
> authenticates to Samba and the file can be viewed on the Windows system.**
> **
>
> ** **
>
> PROBLEM: No directories are created in the /etc/snort/log2 directories.
> Only an empty “Alert” file appears.****
>
> ** **
>
> If I run a command like:****
>
> ** **
>
> snort –dev –l /etc/snort/log2 –K ascii****
>
> ** **
>
> I get normal logging directories with IP address directory names etc.****
>
> ** **
>
> This command also results in nothing in /etc/snort/log2 except the empty
> alert file.****
>
> snort –dev –c /etc/snort/rules/password.rules –l /etc/snort/log2 –K ascii*
> ***
>
> ** **
>
> REQUEST: Any help I can get to allow proper logging when using the –c
> option would be much appreciated.****
>
> ** **
>
> Thanks,****
>
> ** **
>
> Dean****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> snort -dev -c /etc/snort/snort.conf -l /etc/snort/log2 -K ascii****
>
>
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!



-- 
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!