[Snort-users] snort and ./snarf, install, mild confusion

curt curtpdx at ...834...
Sat Nov 25 00:32:13 EST 2000


Bob wrote:

> Do
> touch /var/log/snort/snort.alert
> 
> then try starting Snort again

Hi Bob,

Thanks for the tip.

The above command took.  I then restarted, entered

bash-2.04# ./snortsnarf.pl -rulesdir /etc/snort \
-rulesfile /etc/snort/snort-lib \
-d /usr/local/httpd/htdocs/snort \
/var/log/snort/snort.alert \
/var/log/snort/portscan.log

and it produced the same error on portscan.log.  Being a clever fellow, 
I used the touch command here as well, and now have a portscan.log file.
I ran the Big Statement listed above and it took with no errors.
Restarted, no evidence of snort.  Here's what top shows:

9:18pm  up 4 min,  2 users,  load average: 0.24, 0.45, 0.22
55 processes: 52 sleeping, 3 running, 0 zombie, 0 stopped
CPU states:  6.1% user,  1.5% system,  0.0% nice, 92.2% idle
Mem:   261668K av,  163056K used,   98612K free,       0K shrd,    9712K buff
Swap:  136544K av,       0K used,  136544K free                   97412K cached

PID USER     PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
931 root      17   0 31052  30M 11848 R       0  3.9 11.8   0:19 mozilla-bin
746 root       8   0 74824  73M  1792 R       0  3.3 28.5   0:06 X
943 root       2   0  1056 1056   876 R       0  0.3  0.4   0:00 top
1 root       0   0   196  196   168 S       0  0.0  0.0   0:37 init
2 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 kflushd
3 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 kupdate
4 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 kpiod
5 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 kswapd
6 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 md_thread
9 root       0   0     0    0     0 SW      0  0.0  0.0   0:00 khubd
258 root       0   0   568  568   472 S       0  0.0  0.2   0:00 syslogd
262 root       0   0   860  860   392 S       0  0.0  0.3   0:00 klogd
494 root       0   0  1200 1200   856 S       0  0.0  0.4   0:00 sendmail
501 root       0   0  1184 1184   792 S       0  0.0  0.4   0:00 snmpd
556 root       0   0   616  616   512 S       0  0.0  0.2   0:00 cron
565 curt       0   0   668  668   556 S       0  0.0  0.2   0:00 in.identd
566 root       0   0   668  668   556 S       0  0.0  0.2   0:00 in.identd
567 root       0   0   668  668   556 S       0  0.0  0.2   0:00 in.identd
568 root       0   0   668  668   556 S       0  0.0  0.2   0:00 in.identd
582 root       0   0   692  692   568 S       0  0.0  0.2   0:00 nscd
583 root       0   0   692  692   568 S       0  0.0  0.2   0:00 nscd
584 root       0   0   692  692   568 S       0  0.0  0.2   0:00 nscd
585 root       0   0   692  692   568 S       0  0.0  0.2   0:00 nscd
586 root       0   0   692  692   568 S       0  0.0  0.2   0:00 nscd
587 root       0   0   692  692   568 S       0  0.0  0.2   0:00 nscd
588 root       0   0   692  692   568 S       0  0.0  0.2   0:00 nscd
720 root       0   0   436  436   376 S       0  0.0  0.1   0:00 mingetty
721 root       0   0   436  436   376 S       0  0.0  0.1   0:00 mingetty
722 root       0   0   436  436   376 S       0  0.0  0.1   0:00 mingetty
723 root       0   0   436  436   376 S       0  0.0  0.1   0:00 mingetty
724 root       0   0   436  436   376 S       0  0.0  0.1   0:00 mingetty
725 root       0   0   436  436   376 S       0  0.0  0.1   0:00 mingetty
726 root       0   0  2296 2296  2088 S       0  0.0  0.8   0:00 kdm
758 root       0   0  4304 4304  3580 S       0  0.0  1.6   0:00 kdm
759 root     -10 -10  2272 2272  1056 S < 0  0.0  0.8   0:00 AgentMon
800 root       0   0  4192 4192  3072 S       0  0.0  1.6   0:00 kwm
865 root       0   0  2596 2596  1860 S       0  0.0  0.9   0:00 kaudioserver
866 root       0   0  2480 2480  1708 S       0  0.0  0.9   0:00 maudio
881 root       0   0  4956 4956  3680 S       0  0.0  1.8   0:00 kfm
882 root       0   0  3624 3624  2720 S       0  0.0  1.3   0:00 krootwm
885 root       0   0  3416 3416  2508 S       0  0.0  1.3   0:00 kwmsound
888 root       0   0  1692 1692  1384 S       0  0.0  0.6   0:00 xconsole
889 root       0   0  3684 3684  2768 S       0  0.0  1.4   0:00 kcpuload
890 root       0   0  3684 3684  2780 S       0  0.0  1.4   0:00 klipper
900 root       0   0  3728 3728  2764 S       0  0.0  1.4   0:00 kbgndwm
903 root       0   0  4344 4344  3152 S       0  0.0  1.6   0:00 kpanel
911 root       0   0  3972 3972  2948 S       0  0.0  1.5   0:00 kmix
924 root       0   0   620  620   504 S       0  0.0  0.2   0:00 dhclient
925 root       0   0   976  976   800 S       0  0.0  0.3   0:00 mozilla
927 root       0   0  1016 1016   808 S       0  0.0  0.3   0:00 run-mozilla.
932 root       0   0 31052  30M 11848 S       0  0.0 11.8   0:00 mozilla-bin
933 root       0   0 31052  30M 11848 S       0  0.0 11.8   0:00 mozilla-bin
940 root       0   0 31052  30M 11848 S       0  0.0 11.8   0:00 mozilla-bin
941 root       0   0  1292 1292  1000 S       0  0.0  0.4   0:00 wterm
942 root       0   0  1308 1308   980 S       0  0.0  0.4   0:00 bash

Is it running and just less than obvious?

tia,

curt

> At 08:09 PM 11/24/2000 -0800, you wrote:
> 
>> Hi all,
>> 
>> 1) My Snort install doesn't seem to be running.  I installed from the 
>> linuxnewbie.org article, and all seemed OK, or at least there were no 
>> explicit errors.
>> 
>> However, when I (as suggested in the article)
>> 
>> bash-2.04# ps -ax | grep snort
>> 
>> the response is:
>> 
>> 10087 pts/0    S      0:00 grep snort
>> bash-2.04#
>> 
>> Neither top nor ps shows snort running.  Methinks it ain't.  Could 
>> someone kindly clarify?
>> 
>> 
>> 2) hope this isn't OT, but
>> 
>> Regarding snortsnarf, I installed from the same linuxnewbie article.
>> 
>> after extract, I
>> 
>> bash-2.04# cd SnortSnarf-102700.1
>> bash-2.04# cd include
>> bash-2.04# cp ./* /usr/lib/perl5/site_perl/5.005/
>> bash-2.04# cd /tmp/SnortSnarf-102700.1/cgi
>> bash-2.04# cp ./* /usr/local/httpd/cgi-bin/
>> bash-2.04# cd /tmp/SnortSnarf-102700.1
>> bash-2.04# mkdir /snarf
>> bash-2.04# cd /tmp/SnortSnarf-102700.1
>> bash-2.04# cp snortsnarf.pl /snarf
>> bash-2.04# cd  /snarf
>> bash-2.04# ./snortsnarf.pl -rulesdir /etc/snort \
>> -rulesfile /etc/snort/snort-lib \
>> -d /usr/local/httpd/htdocs/snort \
>> /var/log/snort/snort.alert \
>> /var/log/snort/portscan.log
>> 
>> the response to this last command is:
>> 
>> Couldn't open  input file /var/log/snort/snort.alert
>> 
>> bash-2.04#
>> 
>> This is a proper response, as there is no file
>> /var/log/snort/snort.alert
>> 
>> What am I missing here?  (god, I hope it's not a typo...)
>> 
>> big tia,
>> 
>> curt
>> 
>> sysinfo:
>> 
>> Linux 2.2.16
>> SuSE 7.0
>> snort 1.3.6
>> 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> http://lists.sourceforge.net/mailman/listinfo/snort-users
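The thread above boils down to two checks that are easy to get wrong: "ps -ax | grep snort" matches the grep process itself (which is all curt's output shows, so snort was indeed not running), and touching snort.alert and portscan.log silences snortsnarf's "Couldn't open input file" error without making snort produce anything. The script below is an added example, not code from the original posts or from the Snort or SnortSnarf projects. It checks the command column of ps output instead of grepping for the string, creates the two input files with mode 0600 if they are missing, flags empty ones, and only then runs the snortsnarf.pl command quoted in the thread. The paths are the ones from the thread; the function names, the assumed `ps ax` column layout (PID TTY STAT TIME COMMAND), the environment variable names and the script name preflight.sh are this example's own assumptions.

```shell
#!/bin/sh
# Added example for this thread, not code from the original posts or from the
# Snort/SnortSnarf projects.  Paths are the ones quoted in the thread; the
# function names and the assumed `ps ax` column layout are assumptions.

SNORT_LOGDIR=${SNORT_LOGDIR:-/var/log/snort}
SNARF_OUT=${SNARF_OUT:-/usr/local/httpd/htdocs/snort}
SNARF_RULES=${SNARF_RULES:-/etc/snort/snort-lib}

# snort_in_ps: read `ps ax` style output on stdin and succeed only if the
# COMMAND column (field 5) is snort itself.  "ps -ax | grep snort" also
# matches the grep's own command line ("grep snort"), which is the only
# line the original post saw, so the command field is tested instead.
snort_in_ps() {
    awk 'NR > 1 && ($5 == "snort" || $5 ~ /\/snort$/) { found = 1 }
         END { exit !found }'
}

# ensure_log_file FILE: create FILE if it is missing (the "touch" fix from
# the thread), but with mode 0600 so alert logs are not world readable.
# Succeeds if the file exists and is readable afterwards.
ensure_log_file() {
    if [ ! -e "$1" ]; then
        ( umask 077 && : > "$1" ) || return 1
    fi
    [ -r "$1" ]
}

# preflight: run both checks.  Returns 0 only if a snort process is running
# and both input files are usable.  An empty file is allowed but reported,
# because snortsnarf will then simply produce an empty report.
preflight() {
    status=0
    if ps ax 2>/dev/null | snort_in_ps; then
        echo "snort: running"
    else
        echo "snort: NOT running; start it before expecting any alerts" >&2
        status=1
    fi
    for f in "$SNORT_LOGDIR/snort.alert" "$SNORT_LOGDIR/portscan.log"; do
        if ensure_log_file "$f"; then
            [ -s "$f" ] || echo "note: $f is empty, report will be empty" >&2
        else
            echo "cannot create or read $f" >&2
            status=1
        fi
    done
    return $status
}

# Only run snortsnarf when the checks pass.  The command is the one from the
# thread, with the line continuation after -rulesfile that the mail lost.
if [ "${1:-}" = "run" ]; then
    preflight && ./snortsnarf.pl -rulesdir /etc/snort \
        -rulesfile "$SNARF_RULES" \
        -d "$SNARF_OUT" \
        "$SNORT_LOGDIR/snort.alert" \
        "$SNORT_LOGDIR/portscan.log"
fi
```

Run it from the directory holding snortsnarf.pl as `sh preflight.sh run`; with no argument it only defines the functions, which is what lets the checks be exercised on canned ps output. The 0600 mode is deliberate: the original install copies snortsnarf's output under the web server's document root, so the raw alert files should at least not be readable by every local user.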
