Snort mailing list archives
Snort not logging /VAR/LOG/SNORT alerts after Nessus scan
From: Iain Lorimer <iain.lorimer () gmail com>
Date: Tue, 18 Nov 2014 15:16:31 +0000
Hi Folks,

I'm hoping you could help a real Noob out as I feel I'm now going round in circles.

I have attempted to set up snort on a Raspberry Pi Model B using Raspbian, based on the Debian Linux OS distribution, following this tutorial: http://youresuchageek.blogspot.co.uk/2012/11/howto-guide-to-snort-ids-in-debian.html

I have successfully installed snort 2.9.7.0 with the snort dependencies libpcap 1.3.0, libdnet 1.12 and libdnet daq 2.0.4 tar.gz. I have tested this by pinging the RPI, which displayed on the terminal. This also puts a log within /var/log/snort.

I have installed Barnyard2 but not bothered with having this speak to the SQL database, as I just want a bare bones IDS logging to /Var/Log/snort alerts for starters.

I have successfully installed pulledpork and updated my rules /etc/snort/rules snort.rules

Again, I have not bothered with configuring Apache2 and installing BASE, as I will check var/log/snort alerts for any suspicious traffic.

To test snort I have run Nessus against it, but the alerts in /var/log/snort/ remain empty. I have been Googling this issue for a fair few days now and am beginning to lose enthusiasm.

Any help to show me where I have gone wrong would be greatly appreciated, if you could let me know what you will require, as in .conf files, to help diagnose the problem.

Thank you, Snort community