Snort mailing list archives

Re: Test Snort

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 25 Jul 2016 16:14:56 +0000

Also, Http://manual.snort.org will help you.

--
Joel Esler
Manager, Talos Group
Sent from my iPad

On Jul 25, 2016, at 11:35 AM, Russ Combs (rucombs) <rucombs () cisco com<mailto:rucombs () cisco com>> wrote:



On 7/25/16 10:04 AM, Pratibha Rajan wrote:
Hi Russ,

Thanks for responding, I did as you suggested and it seems to be stuck at:

Commencing packet processing (pid=29664)
This is a good sign.  If you run snort in the foreground it is working, so your conf is OK etc.

when I check the /var/log/messages I see:

: WARNING: _PATH_VARRUN is invalid, trying /var/log/ ...
: WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort).
: Writing PID "24421" to file "/var/log/snort//snort_ens192.pid"
This seems to be indicating a problem.  Are you using --pid-path?  If not, try setting that, or at least ensure that 
/var/log/ exists.

What do I do next?

Thanks

Pratibha.

________________________________
To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
From: rucombs () cisco com<mailto:rucombs () cisco com>
Date: Mon, 25 Jul 2016 07:52:00 -0400
Subject: Re: [Snort-users] Test Snort

The script probably does need tweaking.  I suggest you run the snort binary directly using the same options as the 
script but drop -D, -E, and -M if present to see exactly what is going on.

On 7/24/16 9:49 AM, pratibha.nair12 () outlook com<mailto:pratibha.nair12 () outlook com> wrote:

Hi,

Can I get some help here?

Thanks

Pratibha



On Fri, Jul 22, 2016 at 11:41 PM +0530, "Pratibha Rajan" <pratibha.nair12 () outlook com<mailto:pratibha.nair12 () 
outlook com>> wrote:

Hi,

This is with regard to the error I am facing while starting the snort service after the test Snort start up which was 
successfull:

******************************************************************

           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>


Snort successfully validated the configuration!
Snort exiting

********************************************************************


while trying to start the service this is the error being faced:


*********************************************************************
[root@tparheidspxx1 init.d]# ./snort restart
Stopping snort:                                            [  OK  ]
Starting snort: Spawning daemon child...
My daemon child 13226 lives...
Daemon parent exiting (0)
                                                           [  OK  ]
[root@tparheidspxx1 init.d]# ./snort status
snort dead but subsys locked


**************************************************************************

The initialization file i have used is the shell script from snort.downloads and below is the  permission set for the 
same:

[root@tparheidspxx1 init.d]# ls -l | grep snort
-rwx------. 1 snort snort  3761 Jul 21 12:41 snort


Few queries:
Do I need to make changes to the script with respect to network interface? As the test snort is being run on a virtual 
machine.
I see that the interface set in the script is "eth0".
Is the permission set for the script correct?

Also:

********************************************

# cd /var/log/snort
# ls -l
total 4
-rw-r--r--. 1 snort snort 0 Jul 22 09:25 alert
-rw-------. 1 snort snort 6 Jul 22 13:50 snort_ens192.pid
-rw-------. 1 snort snort 0 Jul 22 13:50 snort_ens192.pid.lck
-rw-------. 1 snort snort 0 Jul 22 13:50 snort.log.1469209828


ens192 is the management interface of the virtual machine.

Kindly let me know if I need to attach any logs


Thanks


Pratibha




------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? 
Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed 
decisions using capacity planning reports.http://sdm.link/zohodev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge 
net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: 
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current 
on all the latest Snort news!

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Test Snort Pratibha Rajan (Jul 22)
- Re: Test Snort pratibha.nair12 (Jul 24)
  - Re: Test Snort Russ (Jul 25)
    - Re: Test Snort Pratibha Rajan (Jul 25)
    - Re: Test Snort Russ (Jul 25)
    - Re: Test Snort Joel Esler (jesler) (Jul 25)