Snort mailing list archives
Re: SNORT Installed properly But not Logging alerts
From: ARUN PUSHKAR <arunpushkar () gmail com>
Date: Thu, 21 Feb 2013 16:51:18 +0530
SOLVED, as snort-rule-snapshot-2940 does not have a default rule for bad traffic from 'http://testmyids.com', so you have to create a rule for it in local.rules, e.g.

alert ip any any -> any any (msg:"ATTACK-RESPONSES id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:498; rev:6;)

On Wed, Feb 20, 2013 at 10:58 PM, ARUN PUSHKAR <arunpushkar () gmail com> wrote:
Yes, it was meant for testing only, for confirming its correct installation, which worked fine. What I am asking is, when I run it normally (without -T), giving:

sudo snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -i eth0

on the command prompt, it is not logging alerts in the unified2 file, which remains 0 bytes. For testing I am using ' curl http://testmyids.com '. The problem is still not resolved.

On Wed, Feb 20, 2013 at 9:34 PM, Dustin Webber <dustin.webber () gmail com> wrote:

You are using -T which I believe is test mode. So getting an exit status is expected behavior.

On Feb 20, 2013, at 9:55 AM, ARUN PUSHKAR <arunpushkar () gmail com> wrote:

*I have installed snort and after installation when I run the following:*
sudo snort -c /usr/local/snort/etc/snort.conf --dump-dynamic-rules=/usr/local/snort/so_rules
*I get:*
Finished dumping dynamic rules. Snort exiting

*When I run this:*
sudo snort -c /usr/local/snort/etc/snort.conf -T -l /var/log/snort
*I get:*
Snort successfully validated the configuration! Snort exiting

*When I run:*
/usr/local/snort/bin/snort -i eth0
*I can see traffic, but when I use ' curl http://testmyids.com ' for testing the SNORT installation it does not give any alert in the unified2 file which is being logged in /var/log/snort*

*The snort config file has this line for logging into the unified file:*
output unified2: filename unified.snort.alert, limit 128

*And for starting snort I am using:*
sudo snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -i eth0

*Everything seems to be right, but why is it not logging alerts?*

-- Arun Pushkar 09043404301

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
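Added example, not part of the original thread or of Snort itself: a small offline check of why the unified2 file stays empty until a rule like the one above is enabled. It decodes the `|28|`/`|29|` hex notation in `content` and reports which enabled rules would match a payload. The sample payload, the commented-out rule, and the helper names `decode_content` and `matching_sids` are assumptions made up for this illustration; it ignores rule headers and modifiers such as `nocase` or `offset`.

```python
import re

# Constructed sample payload: the kind of response body the thread's rule targets.
SAMPLE_PAYLOAD = b"uid=0(root) gid=0(root) groups=0(root)\n"

# Rule from the post, preceded by a constructed commented-out copy to show
# that a disabled rule can never produce an alert.
LOCAL_RULES = '''\
# alert ip any any -> any any (msg:"disabled copy"; content:"uid=0|28|root|29|"; sid:1000001; rev:1;)
alert ip any any -> any any (msg:"ATTACK-RESPONSES id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:498; rev:6;)
'''

def decode_content(pattern):
    """Convert a Snort content string to bytes; text between pipes is hex."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:
            # Odd segments sit between pipes: space-separated hex bytes.
            out += bytes.fromhex(part.replace(" ", ""))
        else:
            out += part.encode("latin-1")
    return bytes(out)

def matching_sids(rules_text, payload):
    """Return sids of enabled rules whose content patterns all occur in payload."""
    hits = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out rule: Snort never loads it
        # Simplification: negated content (content:!"...") is not handled.
        contents = re.findall(r'\bcontent:\s*"([^"]*)"', line)
        sid = re.search(r'\bsid:\s*(\d+)', line)
        if contents and sid and all(decode_content(c) in payload for c in contents):
            hits.append(int(sid.group(1)))
    return hits

if __name__ == "__main__":
    print("matching sids:", matching_sids(LOCAL_RULES, SAMPLE_PAYLOAD))
```

An empty result for the rule files actually referenced by snort.conf means no alert will be written for that payload, regardless of how the output plugin is configured.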