[Snort-users] Problems running Snort

Edward Sohn edwardsohn at ...9090...
Thu Oct 21 18:27:43 EDT 2004


I am a Snort and Linux newbie, and I appreciate your Snort installation
guide.  I'm having problems, however...

I have everything installed and running on Fedora Core 2 in VMWare 4.5.2 on
Windows XP in bridged mode.

I can see Snort working when I run it in verbose (I can see the packet
captures).
I have the Snort.conf file logging to MySQL and then displaying in ACID.

The problem is that I cannot see any entries in MySQL, and thus, nothing is
showing in ACID.

I created a test.rules file and used "alert tcp any any -> any any..." and
saved it in the rules folder.  I then ran "snort -c test.rules" and nothing
happened (this ran cleanly, BTW).

You may think that there might be a problem with Snort not logging to MySQL,
but one time (and one time only) I ran a "snort -c /etc/snort/snort.conf"
and then ctrl-c'd a little while later.  RIGHT when I did so, my ACID page
logged 3 UDP packets.  The signatures read "[snort] SCAN UPnP service
discover attempt" on UDP 1900.  There are 3 identical entries sourcing from
the Host Computer (XP) IP address.  I couldn't tell if it was a result of
quitting Snort or if it was just before I quit.  It could also be
unrelated...dunno.

Since then, however, I have never seen any more packets being logged.

Can you help me, please?  I would be eternally grateful.  Please let me know
what output I can copy and paste for you to see.

Thanks,

Ed