Snort mailing list archives
Re: First time snorting ... ERROR: The dynamic detection library ...
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 19 Nov 2013 19:14:43 -0500
On 11/19/2013 3:39 PM, Alan McKay wrote:
On Tue, Nov 19, 2013 at 3:30 PM, waldo kitty <wkitty42 () windstream net> wrote:
FWIW: those rules will trigger on pretty much any traffic that snort sees... if they are not triggering at all, then your traffic may be packaged in some packet type... are you using VLans?
Nope, and wow, no kidding about those rules triggering anything! I definitely have alerts now in the web GUI for barnyard. Lots and lots of alerts! So I've disabled those now.
yay!! we now know that your snort is definitely seeing traffic :)
Best I can tell it was not alerting until I included the -D switch to daemonize it. That's odd but maybe expected. I dunno.
yeah, i'm not sure about that... when running in "sniffer" mode (without -D), you should have seen the alert flowing across the screen... what version of snort are you running again? and what OS? VM or no?
So I'm going to keep my eye on it to see what's what. And keep digging into the manual. So ... I think it is working. Fingers crossed and we'll see.
since you are seeing alerts in the database now, yes... your snort and your barnyard are working :)
I'd like to figure out how to get the most serious alerts in email but maybe reading the fine manual will tell me that :-)
yeah, that's something that another tool will handle... i don't think that barnyard does this as its job is to get the alerts into the database... but a database monitoring tool should be able to handle this task...
--
NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.