[Snort-users] Help with SnortCenter

Morgan R. Elmore Morgan at ...8013...
Mon Jan 20 06:11:03 EST 2003


Your best bet is to break it down into the simplest parts.

1.  Make sure that snortcenter console got a good push to the agent.  Verify
it by checking to make sure the file exists.

2.  Make sure that the interface you are sniffing on is enabled.

3.  See if you can start snort manually with the agent .conf file.

My bet is option two (because it happened to me).  

-----Original Message-----
From: Counselman, Chris Contractor/Sverdrup
[mailto:chris.counselman at ...8029...]
Sent: Friday, January 17, 2003 3:15 PM
To: 'Erick Mechler'; Matt T. Galvin
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Help with SnortCenter


I am having the same problem. I have the front end and agent setup and
can interact with the sensors to a limited degree. I am running
snortcenter .9.6 on redhat 8.0 using snort 1.9.0. I updated the rules
from the internet, setup the database, and did everything else the setup
said to. When I attempt to restart the snort service snortcenter stops
the snort daemon but cannot properly start it nor can I push rules or
the .conf file out. Where does snortcenter default to when it is
uploading rules and the conf files to the sensors? Where can I change
this value? Is there any good documentation on snortcenter other than
the snortcenter/acid/redhat 7.3 guide or what you can find on the
snortcenter website?

Thanks,

Chris

-----Original Message-----
From: Erick Mechler [mailto:emechler at ...7719...] 
Sent: Friday, January 17, 2003 1:23 PM
To: Matt T. Galvin
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Help with SnortCenter


:: I am having trouble getting snort center to see the rules and in turn

:: actually do anything, the web interface is all set up and the sensor
is 
:: set up but the rules are not being seen.  How can i get this to work,
i 
:: have tried editing every config var i can find a few different ways
and 
:: have had no luck,

I'm confused.  Are you saying that you don't have any rules in
snortcenter to push to your sensors?  By default, snortcenter doesn't
ship with any signatures, so you have to go do the Rules menu, and
select "Update/Import rules" to actually get signatures into the DB.
Once you've done that, you can use snortcenter to select which rules you
want pushed to your sensors.

Sorry if this isn't what you're asking; more information would be good.

Cheers - Erick


-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts
will allow you to extend the highest allowed 128 bit encryption to all
your 
clients even if they use browsers that are limited to 40 bit encryption.

Get a guide
here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list