[Snort-users] not write alert file

Hideki Hirata hawk at ...10556...
Tue Nov 18 01:34:03 EST 2003


Thank you for the early reply.
I configured and ran it just now,
but the result is unchanged.

>Just because you have the icmp.rules enabled does not mean you are
>alerting on every ping request.  There is not a signature in the default
>icmp.rules file that fires on every ping.


1. /etc/snort/snort.conf has been changed

(omission of part)

>> #=========================================
>> # Include all relevant rulesets here
>> #
>> # shellcode, policy, info, backdoor, and virus rulesets are
>> # disabled by default.  These require tuning and maintance.
>> # Please read the included specific file for more information.
>> #=========================================

(omission of part)

>> include $RULE_PATH/icmp.rules
↓
# include $RULE_PATH/icmp.rules

Do I need to change any other configuration?

2. # snort -c /etc/snort/snort.conf (RETURN)
   # ping eth0 address (RETURN)
   # CTRL+C (RETURN)
===============================================================================
Snort analyzed 262 out of 262 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 11         (4.198%)          ALERTS: 0
    UDP: 114        (43.511%)         LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 29         (11.069%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 105        (40.076%)
DISCARD: 0          (0.000%)
===============================================================================
Wireless Stats:
Breakdown by type:
    Management Packets: 0          (0.000%)
    Control Packets:    0          (0.000%)
    Data Packets:       0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 11         (4.198%)
         Stream Trackers: 1
          Stream flushes: 2
           Segments used: 4
   Stream4 Memory Faults: 0
===============================================================================
snort Exiting

3. alert file result
[root at ...10576... hawk]# cd /var/log/snort
[root at ...10576... hawk]# ls -al

(omission of part)

-rwxrwxrwx    1 snort    snort           0 Nov 18 17:16 alert

Packets seem to be picked up, but nothing is written to the alert file.
I would appreciate any advice or information.
Regards.
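As an added troubleshooting aid (not from the original thread or from the Snort project), the following Python script parses the `include` lines of a snort.conf fragment and the exit summary Snort prints on CTRL+C, and reports the two things to check in a case like the one above: whether the icmp.rules include is actually active, and whether Snort counted any ICMP packets at all. The config and summary samples are constructed to mirror the post.

```python
import re

# Constructed sample mirroring the post: the icmp include is commented out.
SNORT_CONF = """\
# Include all relevant rulesets here
include $RULE_PATH/local.rules
# include $RULE_PATH/icmp.rules
"""

# Constructed sample mirroring the exit summary in the post.
SNORT_SUMMARY = """\
Snort analyzed 262 out of 262 packets, dropping 0(0.000%) packets
Breakdown by protocol:                Action Stats:
    TCP: 11         (4.198%)          ALERTS: 0
    UDP: 114        (43.511%)         LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 29         (11.069%)
  OTHER: 105        (40.076%)
"""

# An include line, optionally commented out with a leading '#'.
INCLUDE_RE = re.compile(r"^\s*(#\s*)?include\s+(\S+)", re.M)
# Upper-case counter names followed by an integer (TCP: 11, ALERTS: 0, ...).
COUNT_RE = re.compile(r"\b([A-Z]+[A-Z0-9]*):\s+(\d+)")

def rule_includes(conf):
    """Map each included ruleset path to True (active) or False (commented out)."""
    return {path: not commented for commented, path in INCLUDE_RE.findall(conf)}

def parse_summary(text):
    """Extract the integer counters (TCP, ICMP, ALERTS, ...) from the exit summary."""
    return {name: int(n) for name, n in COUNT_RE.findall(text)}

def diagnose(conf, summary, expected_proto="ICMP"):
    """Return findings that explain why the alert file may stay empty."""
    findings = []
    ruleset = f"$RULE_PATH/{expected_proto.lower()}.rules"
    if not rule_includes(conf).get(ruleset, False):
        findings.append(f"{ruleset} is not an active include in snort.conf")
    counts = parse_summary(summary)
    if counts.get(expected_proto, 0) == 0:
        # No ICMP seen at all: the traffic never reached the sniffed interface (-i).
        findings.append(f"Snort counted no {expected_proto} packets on the capture interface")
    if counts.get("ALERTS", 0) == 0:
        findings.append("ALERTS is 0: no loaded rule matched the traffic")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SNORT_CONF, SNORT_SUMMARY):
        print("-", finding)
```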
