Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Up and Running

From: Joel Esler <jesler () sourcefire com>
Date: Tue, 11 Sep 2012 13:37:54 -0400
On Sep 11, 2012, at 1:20 PM, PR <oly562 () gmail com> wrote:


alrighty, i removed the # in front of $RULES also, mv'd so_rules and preproc_rules in /etc/snort and snort.conf 
configed to see them.

here's the stdout:

notice the whitelist complaining and..
Complaints below:

1.  Reputation config: 
WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.


Correct.



2.  WARNING: flowbits key 'file.fli' is set but not ever checked. and 20 more like this...


Are you using pulled pork.



3. WARNING: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules.


This is an option in pulledpork.  It will place dynamic rules in the correct directory.



4. WARNING: ip4 normalizations disabled because not inline.
WARNING: tcp normalizations disabled because not inline.
WARNING: icmp4 normalizations disabled because not inline.


If you aren't inline, this is correct.



5. wondering about these few entries as well:

0 decoder rules
    0 preprocessor rules
zero?


If you aren't using preprocessor or decoder rules, that's correct.  These are commented out in the snort.conf by 
default.



and...

pcap DAQ configured to passive.


That's not a warning, that's informational.




if you can see anything wrong, please let me know, i feel im getting close... lol
thanks, pete



I don't show any stoppers.





<snip>
Commencing packet processing (pid=2828)



This means that Snort is running.


2nd STDOUT: for barnyard2 command:

root@jupiter:/var/lib/mysql/snort# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f 
snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C 
/etc/snort/classification.config &


There is a command line option for barnyard2 to daemonize it.  You don't need to have "&" there.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: