[Snort-users] Samba Alerts....
roesch at ...421...
Fri Jan 26 14:49:56 EST 2001
If SMB alert support isn't compiled into the RPM, you'll have to grab
the source and run 'configure --enable-smbalerts'. You also need to
make sure that WinPopup is running on the receiver system (Win95/98
only, NT/2k have it as a service). If you want to see if SMB support is
compiled into the binary, run 'snort -c <conf file> -M /etc/snort/SPACE'
and see if it starts properly and without any error or warning messages.
David Fitches wrote:
> Forgive me if I'm raising an often-discussed-thought-dead-and-gone issue,
> but when installing SNORT from the RPMs, EXACTLY how do you get Samba
> Alerts working??
> Currently I've placed the line :
> output smb_alert: /etc/snort/SPACE
> in my snort.conf file in the "/etc/snort" directory.
> I've created /etc/snort/SPACE containing one entry :
> (It did have entries for the other machines on the house LAN, but as it
> didn't work with them in it either, I left them out for the time being)
> From there I performed a restart of SNORT (/etc/rc.d/init.d/snortd
> Then I did a port scan over the LAN from my windows box to the linux server.
> It creates a "log" file in the /var/log/snort directory stating that a port
> scan had occurred.
> It created complete log entries in the IP specific directory for the PC I
> scanned from (/var/log/snort/192.168.0.1).
> It even created a "portscan.log" file in the "/var/log/snort" directory.
> But no pop-up window on my windows box.
> Any and all suggestions welcome, even constructive flames! :)
> - -
> = Dave Fitches =
> ,--__|\ David Fitches
> / \ * ICQ : 2120090 * SATCO CID : 955589
> \_,--\__/ * Mobile : +61-419-466-744
> v * E-mail : sticks.au at ...375...
> Melbourne, Victoria, Australia
> Web: http://www.bigfoot.com/~sticks.au/
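An added example, not part of the original messages and not Snort's own code: a shell preflight for the setup discussed in this thread, checking that snort.conf has an active `output smb_alert:` line and that the workstation file it names is readable and populated. The one-name-per-line file layout, the CRLF and 15-character NetBIOS name checks, the function name `check_smb_alert` and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the smb_alert setup discussed in this thread.
# Assumption: the workstation file lists one NetBIOS name per line.

# check_smb_alert CONF -> prints findings; returns 0 if clean, 1 otherwise.
check_smb_alert() {
    conf=$1
    rc=0
    cr=$(printf '\r')
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    # File argument of every uncommented 'output smb_alert:' line.
    lists=$(sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}smb_alert:[[:space:]]*\([^[:space:]#]\{1,\}\).*/\1/p' "$conf")
    [ -n "$lists" ] || { echo "FAIL: no active 'output smb_alert:' line in $conf"; return 1; }
    for list in $lists; do
        if [ ! -r "$list" ]; then
            echo "FAIL: $list is missing or unreadable"; rc=1; continue
        fi
        # An empty list leaves nobody to notify.
        n=$(grep -c '[^[:space:]]' "$list" || true)
        if [ "$n" -eq 0 ]; then
            echo "FAIL: $list has no workstation entries"; rc=1; continue
        fi
        # A file edited on Windows carries CRs that a line-based reader
        # may treat as part of the workstation name.
        if grep -q "$cr" "$list"; then
            echo "FAIL: $list has CRLF line endings"; rc=1
        fi
        # NetBIOS names are at most 15 characters.
        long=$(tr -d '\r' < "$list" | awk 'length($0) > 15' | tr '\n' ' ')
        if [ -n "$long" ]; then
            echo "FAIL: name(s) longer than 15 characters in $list: $long"; rc=1
        fi
        echo "INFO: $list: $n workstation(s)"
    done
    return "$rc"
}

# Demo on constructed files (not the poster's real configuration).
demo=$(mktemp -d)
printf 'WINBOX\r\n' > "$demo/SPACE"
printf 'output smb_alert: %s\n' "$demo/SPACE" > "$demo/snort.conf"
check_smb_alert "$demo/snort.conf" || echo "fix the findings above, then restart snort"
rm -rf "$demo"
```

A clean result only covers the configuration side; whether the binary has SMB alert support and whether WinPopup is running on the receiver are the separate checks described in the reply above.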