Snort mailing list archives
Re: not event in snort 2.9.3
From: troxlinux <xserverlinux () gmail com>
Date: Thu, 27 Sep 2012 13:10:07 -0600
2012/9/27 beenph <beenph () gmail com>:
> On Thu, Sep 27, 2012 at 2:32 PM, troxlinux <xserverlinux () gmail com> wrote:
> I just realized something since you posted some more information on snort over here.
> First your output configuration should be looking something like this:
>
>     output unified2: filename merged.log, limit 128

# unified2
# Recommended for most installs
output unified2: filename snort.log, limit 128

> Now what is your snort command line invocation?
> Also 1- do you have some rules defined?

yes,

var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules

> 2- are you seeing traffic on the interface you have configured snort to listen on?

/etc/sysconfig/snort

INTERFACE=eth0
#
# The following two options are not directly supported on the command line
# or in the conf file and assume the same Snort configuration for all
# instances
#
# To listen on all interfaces use this:
#INTERFACE=ALL
#
# To listen only on given interfaces use this:
#INTERFACE="eth1 eth2 eth3 eth4 eth5"

# Where is Snort's configuration file?
# -c {/path/to/snort.conf}
CONF=/etc/snort/snort.conf

# What user and group should Snort drop to after starting? This user and
# group should have very few privileges.
# -u {user} -g {group}
# config set_uid: user
# config set_gid: group
USER=snort
GROUP=snort

# Should Snort change the order in which the rules are applied to packets.
# Instead of being applied in the standard Alert->Pass->Log order, this will
# apply them in Pass->Alert->Log order.
# -o
# config order: {actions in order}
# e.g. config order: log alert pass activation dynamic suspicious redalert
PASS_FIRST=0

#### Logging & Alerting
# NOTE: NO_PACKET_LOG and BINARY_LOG, ALERTMODE, etc. are mutually
# exclusive. Use either NO_PACKET_LOG or any/all of the other logging
# options. But the more logging options use you, the slower Snort will run.
# Where should Snort log?
# -l {/path/to/logdir}

regards

-- 
rickygm
http://gnuforever.homelinux.com
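The checklist the thread walks through (an active unified2 output line, a RULE_PATH plus rules actually included, and an INTERFACE set in /etc/sysconfig/snort) as an added example that is not code from the thread: a small Python lint over constructed copies of the two files. The file contents, function names and finding texts are assumptions made for this example.

```python
# Constructed sample of the relevant snort.conf lines (not the poster's full file)
SAMPLE_SNORT_CONF = """\
# unified2
# Recommended for most installs
output unified2: filename snort.log, limit 128
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
include $RULE_PATH/local.rules
"""

# Constructed sample of /etc/sysconfig/snort, trimmed to the keys that matter here
SAMPLE_SYSCONFIG = """\
INTERFACE=eth0
#INTERFACE=ALL
CONF=/etc/snort/snort.conf
"""

def active_lines(text):
    """Drop blank lines and comments; both files use '#' as the comment marker."""
    return [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def parse_sysconfig(text):
    """Return KEY=VALUE pairs from a sysconfig-style file (quotes stripped)."""
    settings = {}
    for line in active_lines(text):
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip('"')
    return settings

def check_snort_conf(text):
    """Findings for the two snort.conf questions raised in the thread: output plugin and rules."""
    lines = active_lines(text)
    findings = []
    if not any(l.startswith("output unified2:") for l in lines):
        findings.append("no active 'output unified2:' line, so alerts are never written")
    if not any(l.split()[:2] == ["var", "RULE_PATH"] for l in lines):
        findings.append("RULE_PATH is not defined")
    if not any(l.startswith("include ") for l in lines):
        findings.append("no 'include' lines: no rules are loaded, so no event can fire")
    return findings

def check_sysconfig(settings):
    """Findings for the interface question: is Snort told where to listen?"""
    findings = []
    if not settings.get("INTERFACE"):
        findings.append("INTERFACE is unset; Snort has no capture interface")
    if not settings.get("CONF", "").endswith("snort.conf"):
        findings.append("CONF does not point at a snort.conf")
    return findings
```

A commented-out `# output unified2:` line is reported as missing, which is the case the thread's first question is probing for.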