[Snort-users] 1.9.0beta4

Gray . Brendan bgray2 at ...3738...
Wed Aug 14 13:34:03 EDT 2002


After making an update to my Windows desktop I had to reboot, and killed my
ssh session to the box running snort.  When I ssh back into it, the snort
process was still running (snort -A full -d).  So I killed the PID, erased
the alert and scanlog files, and started snort again as (snort -A full -d
-D).  It started up fine, and I see that it's running.  So far it's picked up
some portscan stuff, nothing else.  I'll keep watching.

When checking the /var/log/messages file, it seems like eth0 never left
promisc mode in the first place. 

Aug 14 14:53:35 testbox kernel: device eth0 left promiscuous mode
Aug 14 14:55:20 testbox kernel: device eth0 entered promiscuous mode
Aug 14 16:01:12 testbox sshd(pam_unix)[2913]: session closed for user 
Aug 14 16:01:25 testbox sshd(pam_unix)[779]: session closed for user 
Aug 14 16:11:55 testbox sshd(pam_unix)[3156]: session opened for user 
Aug 14 16:13:24 testbox snort: using config file ./snort.conf
Aug 14 16:13:24 testbox snort: http_decode arguments:
Aug 14 16:13:24 testbox snort:     Unicode decoding
Aug 14 16:13:24 testbox snort:     IIS alternate Unicode decoding
Aug 14 16:13:24 testbox snort:     IIS double encoding vuln
Aug 14 16:13:24 testbox snort:     Flip backslash to slash
Aug 14 16:13:24 testbox snort:     Include additional whitespace separators
Aug 14 16:13:24 testbox snort:     Ports to decode http on: 80
Aug 14 16:13:24 testbox snort: telnet_decode arguments:
Aug 14 16:13:24 testbox snort:     Ports to decode telnet on: 21 23 25 119
Aug 14 16:13:24 testbox snort: Conversation Config:
Aug 14 16:13:24 testbox snort:    KeepStats: 0
Aug 14 16:13:24 testbox snort:    Conv Count: 32000
Aug 14 16:13:24 testbox snort:    Timeout   : 60
Aug 14 16:13:24 testbox snort:    Allowed IP Protocols:
Aug 14 16:13:24 testbox snort:  All
Aug 14 16:13:24 testbox snort:
Aug 14 16:13:24 testbox snort: Portscan2 config:
Aug 14 16:13:24 testbox snort:     log: /var/log/snort/scan.log
Aug 14 16:13:24 testbox snort:     scanners_max: 3200
Aug 14 16:13:24 testbox snort:     targets_max: 5000
Aug 14 16:13:24 testbox snort:     target_limit: 5
Aug 14 16:13:24 testbox snort:     port_limit: 20
Aug 14 16:13:24 testbox snort:     timeout: 60
Aug 14 16:13:26 testbox snort: Initializing daemon mode
Aug 14 16:13:26 testbox snort: PID stat checked out ok, PID set to /var/run/
Aug 14 16:13:26 testbox snort: Writing PID file to "/var/run/"
Aug 14 16:13:26 testbox snort: Snort initialization completed successfully, Snort running


Brendan



-----Original Message-----
From: Chris Green [mailto:cmg at ...1935...]
Sent: Wednesday, August 14, 2002 1:21 PM
To: Gray . Brendan
Subject: Re: [Snort-users] 1.9.0beta4


"Gray . Brendan" <bgray2 at ...3738...> writes:

> I'm testing 1.9.0beta4 and it's not working.  Well, to be more specific, I'm
> running RedHat 7.3 on an x86 with all the updates, and when I start Snort
> (snort -A full -d -D) snort will run, but nothing gets logged


Take off the -D option and see what error it reports.  Please reply to
snort-users as others might have the same problem.
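
An added example, not part of the original thread: a small Python script that replays the /var/log/messages excerpt quoted above and reports, for each Snort start, whether each interface was already promiscuous and since when. The function names and the 60-second `window` are assumptions, and the year 2002 is taken from the post date because syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Lines taken from the log quoted in the message (wrapped last line rejoined).
SAMPLE = """\
Aug 14 14:53:35 testbox kernel: device eth0 left promiscuous mode
Aug 14 14:55:20 testbox kernel: device eth0 entered promiscuous mode
Aug 14 16:13:24 testbox snort: using config file ./snort.conf
Aug 14 16:13:26 testbox snort: Initializing daemon mode
Aug 14 16:13:26 testbox snort: Snort initialization completed successfully, Snort running
"""

# timestamp, host, program (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: ?(.*)$")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")

def parse(text, year=2002):
    """Yield (timestamp, program, message) for every syslog line that parses."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4)

def promisc_at_snort_start(text, year=2002, window=60):
    """Return [(start_time, {iface: (is_promisc, since, changed_at_start)})].

    changed_at_start is True when the last kernel transition for the
    interface happened within `window` seconds before Snort came up.
    """
    state, report = {}, []
    for ts, prog, msg in parse(text, year):
        m = PROMISC.search(msg) if prog == "kernel" else None
        if m:
            state[m.group(1)] = (m.group(2) == "entered", ts)
        elif prog == "snort" and msg.startswith("Snort initialization completed"):
            report.append((ts, {
                iface: (on, since, (ts - since).total_seconds() <= window)
                for iface, (on, since) in state.items()
            }))
    return report

if __name__ == "__main__":
    for started, ifaces in promisc_at_snort_start(SAMPLE):
        for name, (on, since, changed) in ifaces.items():
            print(f"snort up {started:%H:%M:%S}: {name} promiscuous={on} "
                  f"since {since:%H:%M:%S}, transition at start={changed}")
```

A start with `promiscuous=True` and no transition at start means the interface was already in promiscuous mode before that Snort process came up.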







