[Snort-users] Samba Alerts....

David Fitches sticks.au at ...375...
Sun Jan 21 06:30:59 EST 2001


Forgive me if I'm raising an often-discussed-thought-dead-and-gone issue,
but when installing SNORT from the RPMs, EXACTLY how do you get Samba
Alerts working??

Currently I've placed the line:

	output smb_alert: /etc/snort/SPACE

in my snort.conf file in the "/etc/snort" directory.

I've created /etc/snort/SPACE containing one entry:

	Mercury

(It did have entries for the other machines on the house LAN, but as it
didn't work with them in it either, I left them out for the time being)

From there I performed a restart of SNORT (/etc/rc.d/init.d/snortd
restart)

Then I did a port scan over the LAN from my Windows box to the Linux server.

It created a "log" file in the /var/log/snort directory stating that a port
scan had occurred.

It created complete log entries in the IP specific directory for the PC I
scanned from (/var/log/snort/192.168.0.1).

It even created a "portscan.log" file in the "/var/log/snort" directory.

But no pop-up window on my Windows box.

Any and all suggestions welcome, even constructive flames! :)

--

			= Dave Fitches =

________________________________________________________
 ,--__|\    David Fitches
/       \   * ICQ : 2120090   * SATCO CID : 955589
\_,--\__/   * Mobile : +61-419-466-744
       v    * E-mail : sticks.au at ...375...
            Melbourne, Victoria, Australia
            Web: http://www.bigfoot.com/~sticks.au/
_______________________________________________________
