[Snort-users] New Install

Michael Steele michaels at ...155...
Wed Jun 19 16:07:04 EDT 2002


Infinity,

Create a folder c:\logs

Cd to wherever you have snort and run this line:

Snort -c snort.conf -l c:\logs

Start snort and you should have an alert.ids file in the new logs folder.

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Infinity
Sent: Wednesday, June 19, 2002 3:03 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] New Install

Hello list:


A New install of Snort Version 1.8.7b119 - Windows
Release on Win2k Server.  No modifications of
snort.conf. Run from command line as follows >  snort
-dev -c snort.conf

*Side Note:  I had the same snort -W problem as
several other posters. I traced it to my Cisco VPN
Client, which I had to uninstall. After I uninstalled the
VPN client - No Problem.  The VPN client had no effect
on Sniffer Pro, or ethereal.  I had a similar problem
on a machine that was using PGP*


My question:

I see all traffic on screen when I scan the snort
sensor.  But no alerts are logged.  Using LANGuard
Network Scanner to scan the SNORT sensor, it only
catches four X.11 events.  It does not catch the
NetBios enumerations, port scans, etc.  It doesn't even
trigger when I run a ping -t against it.  According to
the ICMP rules, shouldn't that at least trigger an
alert?

Shouldn't this vanilla install trigger like Mad?  With
HOME_NET any and EXTERNAL_NET any??

I see the traffic scrolling up my screen, so the
interface is catching the packets. I CTL C the session
and the summary shows 4 alerts (ALL X.11 alerts)  And
the traffic in the alert log file  is shown as having
originated from the snort machine -> scanning machine.

HELP!!!  I'm a first time user, I've read through all
the docs, and I thought my snort install should be
going nuts when I scan it.

:(

TIA.
