[Snort-users] SnortCenter can't push to sensor

Guy Marcenac guymarc at ...12...
Sun Nov 24 12:09:04 EST 2002


Hello,

I run snort 1.9.0 with acid v0.9.6b22 on redhat linux 7.3.
with mysql 3-23-53
Works fine on my ppp0 DSL connection.

I installed SnortCenter 0.9.4 in order to simplify rules management.
created snortcenter db, set up parameter in config.php, activated mysql
plugin, downloaded rules, ..
The snort agent is 0.1.6 and is running.
While setting rules set, variables,... everything seems normal (usual from
snort user point of view)
Problem comes when I try to "push" the configuration:
I get a loading screen for more than a while !
and nothing happens.
If I nevertheless start the snort daemon, sometimes, it can work, but I'm
not sure of the ruleset it is using.

All my "admin server", where snortcenter is installed, runs a https
connection protected by an apache pwd.

sensor config:
localhost:2525
admin/pwd
ssl no
interface ppp0


miniserv.conf:
 port=2525
 bind=
 root=/opt/snortagent/sensor/cgi
 host=localhost
 addtype_cgi=internal/cgi
 realm=SnortCenter Sensor
 logfile=/var/log/snort/miniserv.log
 pidfile=/var/log/snort/miniserv.pid
 errorlog=/var/log/snort/miniserv.error
 logtime=168
 ssl=0
 env_SENSOR_CONFIG=/etc/snort
 env_SENSOR_VAR=/var/log/snort
 atboot=0
 logout=/etc/snort/logout-flag
 denyfile=\.pl$
 log=1
 blockhost_failures=5
 blockhost_time=60
 passdelay=1
 syslog=1
 allow=localhost
 session=0
 userfile=/etc/snort/sensor.users
 keyfile=/etc/snort/sensor.pem

--
guy
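
An added example, not part of the original message or of SnortCenter's own code: a check that the console's sensor entry and the agent's miniserv.conf agree on port, SSL, bind address and allowed client. The meanings given to `port`, `ssl`, `bind` and `allow` are assumed from the key names, and `check`, `parse_conf` and `console_addr` are hypothetical names; the sample values are constructed from those quoted in the message.

```python
# Constructed from the values quoted in the message (not read from a live system).
MINISERV_CONF = """\
port=2525
bind=
host=localhost
ssl=0
allow=localhost
userfile=/etc/snort/sensor.users
keyfile=/etc/snort/sensor.pem
"""
SENSOR_ENTRY = {"host": "localhost", "port": 2525, "ssl": False}

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def norm(addr):
    """Treat every loopback spelling as the same address."""
    return "loopback" if addr.lower() in LOOPBACK else addr.lower()

def parse_conf(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def check(entry, conf, console_addr="127.0.0.1"):
    """Return mismatches between the console's sensor entry and the agent config.
    console_addr is the address the console connects from (assumed loopback here)."""
    problems = []
    if conf.get("port") != str(entry["port"]):
        problems.append(f"port: console {entry['port']}, agent {conf.get('port')}")
    if (conf.get("ssl", "0") == "1") != entry["ssl"]:
        problems.append(f"ssl: console {entry['ssl']}, agent ssl={conf.get('ssl')}")
    bind = conf.get("bind", "")  # assumed: empty means listen on all addresses
    if bind and norm(bind) != norm(entry["host"]):
        problems.append(f"bind: agent bound to {bind}, console targets {entry['host']}")
    allowed = {norm(a) for a in conf.get("allow", "").split()}
    if allowed and norm(console_addr) not in allowed:
        problems.append(f"allow: {console_addr} not in {sorted(allowed)}")
    return problems

if __name__ == "__main__":
    print(check(SENSOR_ENTRY, parse_conf(MINISERV_CONF)) or "settings agree")
```

An empty list means these four settings agree; it does not test authentication or the agent's CGI scripts.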




