[Snort-users] New Install
michaels at ...155...
Wed Jun 19 22:12:02 EDT 2002
Make sure your rules are being detected.
Run this from a command prompt
Snort -c full_path\snort.conf -l full_path\logs
The output will tell you if it's reading in the rules. You will need to
CTRL/C to exit.
Michael Steele | System Engineer / System Administrator
mailto:michaels at ...155...
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Infinity
Sent: June 19, 2002 5:29 PM
To: Michael Steele
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] New Install
Thanks for the quick response.
I have a logs directory in place.
Problem is that even though I scan my SNORT Sensor
with LANGuard the ONLY alerts i see in alert.ids are
X.11 traffic being shown as generated from SNORT
sensor --> scanning machine. The port scan, Netbios
Enum, Proxy check etc... are not showing up in the IDS
Shouldnt var HOME_NET any and var EXTERNAL_NET any
and all the standard snort.conf include statements
insure various triggers should show up in my
I'm just wondering why the traffic from the scanning
machine is not being ID'd by the rule sets. The
inteface sees it because with -dev I see it on my
--- Michael Steele <michaels at ...155...>
> Create a folder c:\logs
> Cd to wherever you have snort and run this line:
> Snort -c snort.conf -l c:\logs
> Start snort and you should have an alert.ids file in
> the new logs folder
> Michael Steele | System Engineer / Support
> mailto:michaels at ...155...
> Silicon Defense: IDS solutions -
> Snort: Open Source Network IDS -
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On
> Behalf Of Infinity
> Sent: Wednesday, June 19, 2002 3:03 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] New Install
> Hello list:
> A New install of Snort Version 1.8.7b119 - Windows
> Release on Win2k Server. No modifications of
> snort.conf. Run from command line as follows >
> -dev -c snort.conf
> *Side Note: I had the same snort -W problem as
> several other posters. I traced it to my Cisco VPN
> Client,which I had uninstall. After I uninstalled
> VPN client - No Problem. The VPN client had no
> on Sniffer Pro,or ethereal. I had a similar problem
> on a machine that was using PGP*
> My question:
> I see all traffic on screen when I scan the snort
> sensor. But no alerts are logged. Using LANGuard
> Network Scanner to scan the SNORT sensor, it only
> catches four X.11 events. It does not catch the
> NetBios enumerations, port scans, etc. It doesnt
> trigger when i run a ping -t against it. According
> the ICMP rules, shouldnt that at least trigger an
> Shouldn't this vanilla install trigger like Mad?
> HOME_NET any and EXTERNAL_NET any??
> I see the traffic scrolling up my screen, so the
> interface is catching the packets. I CTL C the
> and the summary shows 4 alerts (ALL X.11 alerts)
> the traffic in the alert log file is shown as
> originated from the snort machine -> scanning
> HELP!!! I'm a first time user, I've read through
> the docs, and I thought my snort install should be
> going nuts when I scan it.
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> Bringing you mounds of
> caffeinated joy
> >>> http://thinkgeek.com/sf
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> Snort-users list archive:
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
Bringing you mounds of caffeinated joy
>>> http://thinkgeek.com/sf <<<
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users