Snort mailing list archives
Re: Test Snort
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 25 Jul 2016 16:14:56 +0000
Also, Http://manual.snort.org will help you.

--
Joel Esler
Manager, Talos Group
Sent from my iPad

On Jul 25, 2016, at 11:35 AM, Russ Combs (rucombs) <rucombs () cisco com> wrote:

On 7/25/16 10:04 AM, Pratibha Rajan wrote:

Hi Russ,

Thanks for responding, I did as you suggested and it seems to be stuck at:

    Commencing packet processing (pid=29664)

This is a good sign. If you run snort in the foreground it is working, so your conf is OK etc.

when I check the /var/log/messages I see:

    : WARNING: _PATH_VARRUN is invalid, trying /var/log/ ...
    : WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort).
    : Writing PID "24421" to file "/var/log/snort//snort_ens192.pid"

This seems to be indicating a problem. Are you using --pid-path? If not, try setting that, or at least ensure that /var/log/ exists.

What do I do next?

Thanks
Pratibha.

________________________________
To: snort-users () lists sourceforge net
From: rucombs () cisco com
Date: Mon, 25 Jul 2016 07:52:00 -0400
Subject: Re: [Snort-users] Test Snort

The script probably does need tweaking. I suggest you run the snort binary directly using the same options as the script but drop -D, -E, and -M if present to see exactly what is going on.

On 7/24/16 9:49 AM, pratibha.nair12 () outlook com wrote:

Hi,
Can I get some help here?
Thanks
Pratibha

On Fri, Jul 22, 2016 at 11:41 PM +0530, "Pratibha Rajan" <pratibha.nair12 () outlook com> wrote:

Hi,
This is with regard to the error I am facing while starting the snort service after the test Snort start up which was successful:

******************************************************************
Preprocessor Object: SF_POP Version 1.0 <Build 1>
Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
Snort successfully validated the configuration!
Snort exiting
********************************************************************

while trying to start the service this is the error being faced:

*********************************************************************
[root@tparheidspxx1 init.d]# ./snort restart
Stopping snort: [ OK ]
Starting snort: Spawning daemon child...
My daemon child 13226 lives...
Daemon parent exiting (0)
[ OK ]
[root@tparheidspxx1 init.d]# ./snort status
snort dead but subsys locked
**************************************************************************

The initialization file I have used is the shell script from snort.downloads and below is the permission set for the same:

    [root@tparheidspxx1 init.d]# ls -l | grep snort
    -rwx------. 1 snort snort 3761 Jul 21 12:41 snort

Few queries:
Do I need to make changes to the script with respect to network interface? As the test snort is being run on a virtual machine. I see that the interface set in the script is "eth0".
Is the permission set for the script correct?

Also:
********************************************
# cd /var/log/snort
# ls -l
total 4
-rw-r--r--. 1 snort snort 0 Jul 22 09:25 alert
-rw-------. 1 snort snort 6 Jul 22 13:50 snort_ens192.pid
-rw-------. 1 snort snort 0 Jul 22 13:50 snort_ens192.pid.lck
-rw-------. 1 snort snort 0 Jul 22 13:50 snort.log.1469209828

ens192 is the management interface of the virtual machine.

Kindly let me know if I need to attach any logs

Thanks
Pratibha
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
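
The checks raised in this thread (the interface named in the init script, the PID path, and the "dead but subsys locked" status) can be scripted before restarting the service. The following is an added example, not part of the original messages or of the Snort init script; the lock-file path and the sysfs directory are assumptions passed in as arguments, and the PID file name follows the snort_<iface>.pid pattern seen in the directory listing above.

```shell
#!/bin/sh
# Added example: pre-flight checks for a daemonized Snort.
# Assumed invocation: preflight ens192 /var/log/snort /var/lock/subsys/snort
# (the lock path is an assumption; use the one your init script creates).

# iface_exists IFACE [SYSNET_DIR] -> 0 if the kernel lists the interface.
iface_exists() {
    [ -e "${2:-/sys/class/net}/$1" ]
}

# pid_dir_ok DIR -> 0 if DIR exists and the current user can write to it.
pid_dir_ok() {
    [ -d "$1" ] && [ -w "$1" ]
}

# pid_alive PID -> 0 if a process with that numeric PID exists.
pid_alive() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$1" 2>/dev/null || [ -d "/proc/$1" ]
}

# daemon_state PIDFILE LOCKFILE -> prints one of:
#   running | dead-but-locked | dead-stale-pid | stopped
daemon_state() {
    pid=''
    [ -r "$1" ] && pid=$(tr -dc '0-9' < "$1")
    if pid_alive "$pid"; then
        echo running
    elif [ -e "$2" ]; then
        echo dead-but-locked      # lock file outlived the daemon
    elif [ -e "$1" ]; then
        echo dead-stale-pid       # PID file left behind, no lock
    else
        echo stopped
    fi
}

# preflight IFACE LOGDIR LOCKFILE [SYSNET_DIR] -> prints findings,
# returns the number of problems found (0 means nothing to fix).
preflight() {
    problems=0
    iface_exists "$1" "$4" || { echo "interface $1 not found"; problems=$((problems+1)); }
    pid_dir_ok "$2" || { echo "PID dir $2 missing or not writable"; problems=$((problems+1)); }
    state=$(daemon_state "$2/snort_$1.pid" "$3")
    case "$state" in dead-*) echo "daemon state: $state"; problems=$((problems+1)) ;; esac
    return "$problems"
}
```
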
Current thread:
- Test Snort Pratibha Rajan (Jul 22)
- Re: Test Snort pratibha.nair12 (Jul 24)
- Re: Test Snort Russ (Jul 25)
- Re: Test Snort Pratibha Rajan (Jul 25)
- Re: Test Snort Russ (Jul 25)
- Re: Test Snort Joel Esler (jesler) (Jul 25)
- Re: Test Snort Russ (Jul 25)
- Re: Test Snort pratibha.nair12 (Jul 24)