Snort mailing list archives

Re: Unrecognised syslog facility/priority in snort


From: Mayur Patil <ram.nath241089 () gmail com>
Date: Fri, 11 Oct 2013 13:37:13 +0530

Hi Pravin Sir,

     I tried your steps.

    1.   I have opened tcp and udp connections by launching the telnet and nc
commands.

    2.   I have disabled firewalls and iptables on CentOS

         [root@clc ~]# service iptables status
         Table: filter
         Chain INPUT (policy ACCEPT)
         num  target     prot opt source               destination

         Chain FORWARD (policy DROP)
         num  target     prot opt source               destination

         Chain OUTPUT (policy ACCEPT)
         num  target     prot opt source               destination

         Also on Ubuntu,

         # service ufw status
         ufw stop/waiting

         After this I tried again to log the alert into syslog, but was not
successful.

        Some troubleshooting I have done:

       1. Launching *netstat -au* gives syslog in UDP list on log server
      root@logserver:~# netstat -au
      Active Internet connections (servers and established)
      Proto Recv-Q Send-Q Local Address           Foreign Address         State
      udp        0      0 *:syslog                *:*
      udp        0      0 localhost:domain        *:*
      udp        0      0 *:37461                 *:*
      udp        0      0 *:mdns                  *:*
      udp6       0      0 [::]:syslog             [::]:*
      udp6       0      0 [::]:45621              [::]:*
      udp6       0      0 [::]:mdns               [::]:*

     For the snort machine, output is in this link: http://fpaste.org/46013/


    2. I am also sending netstat output of two machines: http://fpaste.org/45997/

    Still unsuccessful,

    Please help,

    Seeking guidance,

    Thanks !
--
Cheers,
Mayur