Snort mailing list archives

Snort not logging /VAR/LOG/SNORT alerts after Nessus scan


From: Iain Lorimer <iain.lorimer () gmail com>
Date: Tue, 18 Nov 2014 15:16:31 +0000

Hi Folks, I'm hoping you could help a real Noob out as I feel I'm now going
round in circles.

I have attempted to set up snort on a Raspberry Pi Model B using Raspbian,
based on the Debian Linux OS distribution, following this tutorial:
http://youresuchageek.blogspot.co.uk/2012/11/howto-guide-to-snort-ids-in-debian.html

I have successfully installed snort 2.9.7.0 with the snort dependencies
libpcap 1.3.0, libdnet 1.12 and libdnet daq 2.0.4 tar.gz. I have tested
this by pinging the RPI which displayed on the terminal. This also puts a
log within /var/log/snort.

I have installed Barnyard2 but not bothered with having this speak to the
SQL database as I just want a bare bones IDS logging to /var/log/snort
alerts for starters.

I have successfully installed pulledpork and updated my rules
/etc/snort/rules snort.rules

Again, I have not bothered with configuring Apache2 and installing BASE as I
will check /var/log/snort alerts for any suspicious traffic.

To test snort I have run Nessus against it but the alerts in
/var/log/snort/ remain empty.

I have been Googling this issue for a fair few days now and am beginning to
lose enthusiasm.

Any help to show me where I have gone wrong would be greatly appreciated,
if you could let me know what you will require as in .conf files to help
diagnose the problem.

Thank you Snort community