Date:      Fri, 12 Jul 2002 15:32:32 +0400
From:      dawnshade <h-k@mail.ru>
To:        freebsd-security@freebsd.org
Subject:   Re[6]: Snort problem.
Message-ID:  <48573629315.20020712153232@mail.ru>
In-Reply-To: <1026472255.3d2eb93f98607@webmail.sambolian.net.nz>
References:  <60550254524.20020712090257@mail.ru> <20020712053845.GA89208@i-sphere.com> <29552793875.20020712094517@mail.ru> <1026465184.3d2e9da02c762@webmail.sambolian.net.nz> <108568184025.20020712140147@mail.ru> <1026472255.3d2eb93f98607@webmail.sambolian.net.nz>

Hello Andrew,

Friday, July 12, 2002, 3:10:55 PM, you wrote:

AT> Hi,


AT> Try running snort in the foreground, and without syslog, I use this:

AT> /usr/local/bin/snort -i ep1 -A fast -c /usr/local/etc/snort.conf -m 027

AT> This is the output that I receive, note the line on the output where it says
AT> "885 Snort rules read..."


The same thing: 0 packets analyzed!!!


su-2.05a# /usr/local/bin/snort -i cp0 -A fast -c /usr/local/etc/snort/snort.co
nf -m 027   
Log directory = /var/log/snort

Initializing Network Interface cp0

        --== Initializing Snort ==--

[!] ERROR: Can not get write access to logging directory "/var/log/snort".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

Fatal Error, Quitting..
su-2.05a# /usr/local/bin/snort -i cp0 -A fast -c /usr/local/etc/snort/snort.co
nf -m 027
Log directory = /var/log/snort

Initializing Network Interface cp0

        --== Initializing Snort ==--

[!] ERROR: Can not get write access to logging directory "/var/log/snort".
(directory doesn't exist or permissions are set incorrectly
or it is not a directory at all)

Fatal Error, Quitting..
su-2.05a# /usr/local/bin/snort -i cp0 -A fast -c /usr/local/etc/snort/snort.co
nf -m 027
Log directory = /var/log/snort

Initializing Network Interface cp0

        --== Initializing Snort ==--
Decoding PPP on interface cp0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
Using LOCAL time
Anomoly sensor threshold adapting repeadly specified, ignoring later specification: 0.01 15 4 24 7
WARNING: command line overrides rules file alert plugin!
WARNING: command line overrides rules file alert plugin!
limit == 128
UnifiedLogFilename = snort.log
Opening /var/log/snort/snort.log.1026473194
1530 Snort rules read...
1530 Option Chains linked into 170 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log->suspicious

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.7 (Build 128)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
^C

===============================================================================
Snort analyzed 0 out of 2742 packets, The kernel dropped 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 0          (0.000%)          ALERTS: 0         
    UDP: 0          (0.000%)          LOGGED: 0         
   ICMP: 0          (0.000%)          PASSED: 0         
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0         
   Rebuilt IP Packets: 0         
   Frag elements used: 0         
Discarded(incomplete): 0         
   Discarded(timeout): 0         
  Frag2 memory faults: 0         
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
         Stream Trackers: 0         
          Stream flushes: 0         
           Segments used: 0         
   Stream4 Memory Faults: 0         
===============================================================================
Snort received signal 2, exiting 


-- 
Best regards,
 dawnshade                            mailto:h-k@mail.ru

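As an added example that is not part of the thread, here is a small Python check that parses the console output of a Snort 1.8.x run (the format shown in the session above) and flags the two failure modes it contains: the "Can not get write access to logging directory" fatal error, and a run that received packets but analyzed none. The sample outputs are constructed, modelled on the run above.

```python
import re

# Constructed samples modelled on the Snort 1.8.7 session quoted in the mail.
SAMPLE_LOGDIR_ERROR = """\
Log directory = /var/log/snort
Initializing Network Interface cp0
[!] ERROR: Can not get write access to logging directory "/var/log/snort".
Fatal Error, Quitting..
"""

SAMPLE_ZERO_ANALYZED = """\
Log directory = /var/log/snort
Decoding PPP on interface cp0
1530 Snort rules read...
Snort analyzed 0 out of 2742 packets, The kernel dropped 0(0.000%) packets
"""

SAMPLE_HEALTHY = """\
Decoding Ethernet on interface ep1
885 Snort rules read...
Snort analyzed 2742 out of 2742 packets, The kernel dropped 0(0.000%) packets
"""

RE_ANALYZED = re.compile(r"Snort analyzed (\d+) out of (\d+) packets")
RE_RULES = re.compile(r"^(\d+) Snort rules read", re.M)
RE_DECODE = re.compile(r"^Decoding (\S+) on interface (\S+)", re.M)
RE_LOGDIR_ERR = re.compile(r"Can not get write access to logging directory")


def check_snort_run(output: str) -> dict:
    """Summarise one Snort run's console output and list anything that needs fixing."""
    findings = []
    if RE_LOGDIR_ERR.search(output):
        findings.append("log directory not writable: fix its ownership/mode before retrying")
    rules = RE_RULES.search(output)
    nrules = int(rules.group(1)) if rules else 0
    if rules and nrules == 0:
        findings.append("0 rules read: check the rules paths in snort.conf")
    dec = RE_DECODE.search(output)
    link, iface = (dec.group(1), dec.group(2)) if dec else (None, None)
    analyzed = total = None
    m = RE_ANALYZED.search(output)
    if m:
        analyzed, total = int(m.group(1)), int(m.group(2))
        if total > 0 and analyzed == 0:
            # Packets reached the interface, but none were processed by Snort,
            # so no rule can ever fire: the sensor is effectively blind.
            findings.append(f"{total} packets received on {iface} ({link}) but 0 analyzed")
    return {"rules": nrules, "datalink": link, "interface": iface,
            "analyzed": analyzed, "total": total,
            "healthy": not findings, "findings": findings}
```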
