[Snort-users] Help me please :(

James Hoagland hoagland at ...47...
Wed Feb 13 08:51:07 EST 2002


At 11:35 AM +0530 2/13/02, Santosh M Hulkund wrote:
>  Hi Gurus,
>
>	I need u r help, if u can spare few minutes to read this mail. I am
>just a beginner, I installed Snort Version 1.8.4-beta1 (Build 91) on one of
>my Linux box. For testing I changed the telnet.rules as
>
>	alert tcp any any  -> 10.10.XXX.XXX 23
>
>With no rule options, here 10.10.XXX.XXX is my Linux box. I ran snort. After
>this I tried to telnet on this Linux box, so that it would generate alert. I
>checked the alert file in /var/log/snort, there was some data present.
>
>Then I ran snortsnarf.pl -d /home/santosh/www -ldir /var/log/snort, so that
>it would generate a html page. The output was
>
>0 alerts found using input module SnortFileInput, with sources:
>/var/log/snort.alert
>
>What could be the reason, If the question is very silly pardon me.

Note the discrepancy between the file your alerts are stored in 
(/var/log/snort) and the file SnortFileInput tried to get your alerts 
from (/var/log/snort.alert).  Since you did not specify an input file 
on the command line, SnortSnarf tried its default.  Add 
'/var/log/snort' to the end of your snortsnarf.pl command line.

Inspired by this message, the next version of SnortSnarf will have 
better warning when input files do not exist.

Regards,

   Jim

-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|




More information about the Snort-users mailing list