[Snort-users] snortsam

Ralf Hildebrandt Ralf.Hildebrandt at ...3909...
Wed May 15 05:22:02 EDT 2002


Hi!

I'm trying out to run snort together with snortsam and the snort-alert
plugin.

After a painful installation process due to the lousy docs, I now have
the follwoing problem:

When I start snort, I get:

...
Back Orifice detection brute force: DISABLED
Using LOCAL time
[Alert_FWsam] Connected to mgmt station 127.0.0.1.
[Alert_FWsam](CheckIn) Password mismatch! Ignoring mgmt station
127.0.0.1.
1086 Snort rules read...
1086 Option Chains linked into 109 Chain Headers
0 Dynamic rules
...
-*> Snort! <*-
Version 1.8.7beta1 (Build 117)

What the hell is going on?
In my snortsam.conf:

accept 127.0.0.1/mypassword

In my snort.conf:

output alert_fwsam: 127.0.0.1:898/mypassword

Clearly, those two passwords match.

Snort is started like this:
 /usr/sbin/snort -S
HOME_NET=[141.42.0.0/16,193.175.64.0/21,192.168.0.0/16,172.16.0.0/12]
-h 141.42.0.0/16,193.175.64.0/21,192.168.0.0/16,172.16.0.0/12 -c
/etc/snort/snort.conf -l /var/log/snort -b -d -u snort -g snort -i eth1


-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   Ralf.Hildebrandt at ...3909...
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
So unleash your nmap-from-hell and beware, you may tickle an obscure
bug in an ancient box hand-built by Seymour Cray himself, the only one
of its kind ever made, whose sole user pays the salaries of everyone
you ever met in the entire time you worked at the company, with money
he makes with an investment strategy hand-coded in assembler for this
special machine, by an analytic wizard who has since died. 





More information about the Snort-users mailing list