Date: Fri, 12 Jul 2002 21:13:04 +1200
From: Andrew Thompson <andy@sambolian.net.nz>
To: dawnshade <h-k@mail.ru>
Cc: freebsd-security@freebsd.org
Subject: Re: Re[2]: Snort problem.
Message-ID: <1026465184.3d2e9da02c762@webmail.sambolian.net.nz>
In-Reply-To: <29552793875.20020712094517@mail.ru>
References: <60550254524.20020712090257@mail.ru> <20020712053845.GA89208@i-sphere.com> <29552793875.20020712094517@mail.ru>

Have you got any snort rules loaded? It will say that it has loaded x number of
rules when it starts up. I have been caught out before when it has not logged
anything, and it turned out that no rules were loaded.

--Andy

Quoting dawnshade <h-k@mail.ru>:

> Hello faSty,
>
> Friday, July 12, 2002, 9:38:45 AM, you wrote:
>
> f> Did you check /var/log/messages because -s means it goes directly syslogd send
> f> to /var/log/messages. Depends on what your syslogd.conf unless it is default
> f> syslogd.conf then check /var/log/messages.
>
> f> My snort on bridge looks like:
> f> /usr/local/bin/snort -A full -D -e -d -s -i fxp1 -c /usr/local/etc/snort.conf
>
> f> -fasty
>
> f> On Fri, Jul 12, 2002 at 09:02:57AM +0400, dawnshade wrote:
> >> I have a little problem:
> >> install, configure snort (1.8.6 (Build 105)).
> >> Run: /usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -s -A full -d -D -l /usr/log/snort
> >>
> >> But the snort does nothing: not log or alert scans, portscans,
> >> etc....
> >>
> >> thank all for advance.
> >>
> >>
>
> in syslog.conf I added these lines:
>
> LOG_ALERT /usr/log/snort.log
> LOG_AUTHPRIV /usr/log/snort.log
>
> In messages only starting message snort:
>
> Jul 12 09:44:01 mx /kernel: cp0: promiscuous mode enabled
> Jul 12 09:44:01 mx snort: Initializing daemon mode
> Jul 12 09:44:01 mx snort: PID stat checked out ok, PID set to /var/run/
> Jul 12 09:44:01 mx snort: Writing PID file to "/var/run/"
> Jul 12 09:44:01 mx snort: WARNING: command line overrides rules file alert plugin!
> Jul 12 09:44:01 mx snort: WARNING: command line overrides rules file alert plugin!
> Jul 12 09:44:01 mx snort: limit == 128
> Jul 12 09:44:01 mx snort: UnifiedLogFilename = snort.log
> Jul 12 09:44:02 mx snort[21582]: Snort initialization completed successfully, Snort running
>
> --
> Best regards,
> dawnshade mailto:h-k@mail.ru
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1026465184.3d2e9da02c762>
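
The "no rules loaded" check from the reply above can be done offline before starting the daemon. The following is an added example, not part of the original thread and not Snort's own code: it walks a snort.conf, follows `include` lines, and counts uncommented rules per file. The sample file contents, the `local.rules` name, and resolving relative includes against the including file's directory are assumptions.

```python
import posixpath
import re

RULE_ACTIONS = ("alert", "log", "pass", "activate", "dynamic")  # Snort 1.x rule actions
VAR_RE = re.compile(r"\$\{?(\w+)\}?")

def count_rules(path, read=None, variables=None, seen=None):
    """Return {file: active_rule_count} for path and every file it includes."""
    read = read or (lambda p: open(p).read())
    variables = {} if variables is None else variables
    seen = {} if seen is None else seen
    if path in seen:                      # guard against include loops
        return seen
    seen[path] = 0
    for raw in read(path).splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out line
        words = line.split(None, 2)
        if words[0] == "var" and len(words) == 3:
            variables[words[1]] = words[2]
        elif words[0] == "include" and len(words) >= 2:
            target = VAR_RE.sub(
                lambda m: variables.get(m.group(1), m.group(0)), words[1])
            if not posixpath.isabs(target):
                # Assumption: relative includes resolve against this file's directory.
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(path), target))
            count_rules(target, read, variables, seen)
        elif words[0] in RULE_ACTIONS:
            seen[path] += 1               # one rule per line that starts with an action
    return seen

# Constructed sample: every rule is commented out, so Snort would start with 0 rules.
CONF = "/usr/local/etc/snort/snort.conf"
SAMPLE = {
    CONF: "var HOME_NET any\nvar RULE_PATH ./\n"
          "# include $RULE_PATH/scan.rules\n"
          "include $RULE_PATH/local.rules\n",
    "/usr/local/etc/snort/local.rules":
          '# alert tcp any any -> $HOME_NET 23 (msg:"constructed sample rule";)\n',
}

if __name__ == "__main__":
    counts = count_rules(CONF, SAMPLE.__getitem__)
    for name, n in counts.items():
        print(f"{n:5d}  {name}")
    if sum(counts.values()) == 0:
        print("no active rules: Snort will start cleanly but never alert")
```

Call `count_rules("/path/to/snort.conf")` without the second argument to read the real files from disk.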