[Snort-users] Samba Alerts....

Kevin Pietersma kev at ...526...
Mon Jan 22 10:17:46 EST 2001


Make sure smb is compiled into your kernel (Network File Systems section).

kev

At 10:30 PM 1/21/01 +1100, David Fitches wrote:
>Forgive me if I'm raising an often-discussed-thought-dead-and-gone issue,
>but when installing SNORT from the RPMs, EXACTLY how do you get Samba
>Alerts working??
>
>Currently I've placed the line :
>
>	output smb_alert: /etc/snort/SPACE
>
>in my snort.conf file in the "/etc/snort" directory.
>
>I've created /etc/snort/SPACE containing one entry :
>
>	Mercury
>
>(It did have entries for the other machines on the house LAN, but as it
>didn't work with them in it either, I left them out for the time being)
>
>From there I performed a restart of SNORT (/etc/rc.d/init.d/snortd
>restart)
>
>Then I did a port scan over the LAN from my Windows box to the Linux server.
>
>It creates a "log" file in the /var/log/snort directory stating that a port
>scan had occurred.
>
>It created complete log entries in the IP specific directory for the PC I
>scanned from (/var/log/snort/192.168.0.1).
>
>It even created a "portscan.log" file in the "/var/log/snort" directory.
>
>But no pop-up window on my Windows box.
>
>Any and all suggestions welcome, even constructive flames! :)
>
>- -
>
>			= Dave Fitches =
>
>________________________________________________________
> ,--__|\    David Fitches
>/       \   * ICQ : 2120090   * SATCO CID : 955589
>\_,--\__/   * Mobile : +61-419-466-744
>       v    * E-mail : sticks.au at ...375...
>            Melbourne, Victoria, Australia
>            Web: http://www.bigfoot.com/~sticks.au/
>_______________________________________________________