Snort mailing list archives

Re: Test Snort


From: Russ <rucombs () cisco com>
Date: Mon, 25 Jul 2016 07:52:00 -0400

The script probably does need tweaking. I suggest you run the snort binary directly using the same options as the script but drop -D, -E, and -M if present to see exactly what is going on.

On 7/24/16 9:49 AM, pratibha.nair12 () outlook com wrote:

Hi,

Can I get some help here?

Thanks

Pratibha




On Fri, Jul 22, 2016 at 11:41 PM +0530, "Pratibha Rajan" <pratibha.nair12 () outlook com> wrote:

Hi,

This is with regard to the error I am facing while starting the snort service after the test Snort start up, which was successful:

******************************************************************

           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.2 <Build 13>


Snort successfully validated the configuration!
Snort exiting

********************************************************************


While trying to start the service, this is the error being faced:


*********************************************************************
[root@tparheidspxx1 init.d]# ./snort restart
Stopping snort:                                            [ OK  ]
Starting snort: Spawning daemon child...
My daemon child 13226 lives...
Daemon parent exiting (0)
                                                           [ OK  ]
[root@tparheidspxx1 init.d]# ./snort status
snort dead but subsys locked


**************************************************************************

The initialization file I have used is the shell script from snort.downloads and below is the permission set for the same:

[root@tparheidspxx1 init.d]# ls -l | grep snort
-rwx------. 1 snort snort  3761 Jul 21 12:41 snort


Few queries:
Do I need to make changes to the script with respect to network interface? As the test snort is being run on a virtual machine.
I see that the interface set in the script is "eth0".
Is the permission set for the script correct?

Also:

********************************************

# cd /var/log/snort
# ls -l
total 4
-rw-r--r--. 1 snort snort 0 Jul 22 09:25 alert
-rw-------. 1 snort snort 6 Jul 22 13:50 snort_ens192.pid
-rw-------. 1 snort snort 0 Jul 22 13:50 snort_ens192.pid.lck
-rw-------. 1 snort snort 0 Jul 22 13:50 snort.log.1469209828


*ens192* is the management interface of the virtual machine.

Kindly let me know if I need to attach any logs


Thanks


Pratibha




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
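
As an added example (not part of the original thread and not the Snort project's init script), the shell sketch below follows the suggestion in the reply: it strips -D, -E and -M from a daemon command line so the same options can be run in the foreground, and it checks whether a pid file such as the one under /var/log/snort still names a live process. The function names and the sample option values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not code from the thread or from the Snort init script.

# Print the given snort arguments without -D, -E and -M, so the same
# configuration runs in the foreground and reports its errors on the terminal.
# Assumes each flag is a separate word (no bundled forms such as -Dq).
foreground_args() {
    out=""
    for arg in "$@"; do
        case "$arg" in
            -D|-E|-M) ;;                      # the flags named in the reply
            *) out="${out:+$out }$arg" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Classify what a pid file says about the daemon:
#   running - the pid file names a live process
#   stale   - the pid file exists but that process is gone
#   missing - there is no pid file
# Run as root or as the daemon's user; kill -0 fails on other users' processes.
pid_state() {
    pidfile=$1
    [ -f "$pidfile" ] || { echo missing; return; }
    pid=$(tr -cd '0-9' < "$pidfile")
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo running
    else
        echo stale
    fi
}

# Constructed sample command line; the option values are placeholders,
# not taken from the poster's script.
SAMPLE_ARGS="-D -M -u snort -g snort -c /etc/snort/snort.conf -i eth0"

# Word splitting of SAMPLE_ARGS is intentional here.
echo "foreground command: snort $(foreground_args $SAMPLE_ARGS)"
```

Calling `pid_state /var/log/snort/snort_ens192.pid` on the host from the thread would show whether the pid recorded on Jul 22 still belongs to a running process.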

