[Snort-users] Snort testing

Patrick Harper patrick.harper at ...11593...
Thu Apr 8 07:19:00 EDT 2004


Look in /var/log/snort for an alert file. If it is there then you have a
db connection problem.  Double check the snort.conf output line and the
acid_conf.php to make sure that everything is correct.  Is mysql
running?


Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper at ...11593... 

-----Original Message-----
From: David Nardoni [mailto:dnardoni at ...11606...] 
Sent: Wednesday, April 07, 2004 1:58 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort testing


I am very new to snort and I am need some help on getting it running
correctly.  It appears that snort is running but not accumulating
alerts. I followed the SNORT, PHP, Apache, MySQL and ACID install guide
by Patrick Harper.

Here is what I get when I run ps -ef | grep snort  /usr/local/bin/snort
-c /etc/snort/snort.conf -I eth0 -g snort -D

When I run a nmap scan on the ip address it does not generate any
alerts.

This is a system set up on a local LAN attached to a hub.  

I have even run sneeze and received no alerts.

Any help would be appreciated.

David Nardoni CISSP
First Response Consulting Services, Inc.  
dnardoni at ...11606... 




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 







More information about the Snort-users mailing list