[Snort-users] Problems running Snort
edwardsohn at ...9090...
Thu Oct 21 18:27:43 EDT 2004
I am a Snort and Linux newbie, and I appreciate your Snort installation
guide. I'm having problems, however...

I have everything installed and running on Fedora Core 2 in VMware 4.5.2 on
Windows XP in bridged mode.

I can see Snort working when I run it in verbose (I can see the packet

I have the Snort.conf file logging to MySQL and then displaying in ACID.
The problem is that I cannot see any entries in MySQL, and thus, nothing is
showing in ACID.

I created a test.rules file and used "alert tcp any any -> any any..." and
saved it in the rules folder. I then ran "snort -c test.rules" and nothing
happened (this ran cleanly, BTW).

You may think that there might be a problem with Snort not logging to MySQL,
but one time (and one time only) I ran a "snort -c /etc/snort/snort.conf"
and then ctrl-c'd a little while later. RIGHT when I did so, my ACID page
logged 3 UDP packets. The signatures read "[snort] SCAN UPnP service
discover attempt" on UDP 1900. There are 3 identical entries sourcing from
the Host Computer (XP) IP address. I couldn't tell if it was a result of
quitting Snort or if it was just before I quit. It could also be

Since then, however, I have never seen any more packets being logged.

Can you help me, please? I would be eternally grateful. Please let me know
what output I can copy and paste for you to see.