Snort mailing list archives
Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 29 Aug 2016 20:12:57 +0000
You don't receive any errors on startup? Just a successful start?

Also, you should stop using oinkmaster and migrate to pulledpork.

Sent from my iPhone

On Aug 29, 2016, at 4:06 PM, Roy Turner <royturner () uymail com> wrote:

Basically I configured my Snort and it works fine with the community-rules. Alerts arrive perfectly when doing a NMAP scan and other tests.

The problem is that after installing the registered version of the rules using oinkmaster, I do not receive any alert. I did add the rules with their path in the snort.conf file.

Status appears to be fine:

● snort.service - LSB: snort
   Loaded: loaded (/etc/init.d/snort)
   Active: active (running) since Mon 2016-08-29 15:34:37 EDT; 2min 41s ago
  Process: 6846 ExecStop=/etc/init.d/snort stop (code=exited, status=0/SUCCESS)
  Process: 6893 ExecStart=/etc/init.d/snort start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/snort.service
           └─6913 snort -i eth1 -c /etc/snort/snort.conf -s -D

Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SDF Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_POP Version 1.0 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
Aug 29 15:34:37 IDS snort[6913]: Commencing packet processing (pid=6913)

I haven't modified anything, except adding the rules using oinkmaster. If I roll back, it works fine with community-rules.

Does anyone have any ideas?

Sorry for being so unspecific, but I'm a bit lost here.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Roy Turner (Aug 29)
- Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Joel Esler (jesler) (Aug 29)
- Re: Snort works fine with community rules. After importing the complete set using oinkmaster, it fails to generate alerts Y M (Aug 29)