[Snort-users] No Alerts Being Generated

Matthew K. Lee mattl at ...12405...
Thu Sep 30 08:03:03 EDT 2004


Andrew,

Everything looks good.  I know that I had a glitch because my snort
password had special characters (i.e. #,$,etc.).  Once I changed the
password, things took off.

I'm out of suggestions.

Thanks,

Matthew Lee

-----Original Message-----
From: Kaplan, Andrew H. [mailto:AHKAPLAN at ...10063...] 
Sent: Thursday, September 30, 2004 9:52 AM
To: Matthew K. Lee
Cc: Snort User Group (E-mail)
Subject: RE: [Snort-users] No Alerts Being Generated

Hi Matthew --

Thank-you for your reply, and here are the answers to your questions:

1. The owner/group permissions for /etc/snort are as follows:

drwxr-xr-x root root snort/ <- printout

2. I tried a portscan via NeWT and nothing appeared.

3. When I run the mysql command you mentioned in your e-mail, I am able
   to access the database via the mysql prompt.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Matthew K.
Lee
Sent: Wednesday, September 29, 2004 3:47 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] No Alerts Being Generated


Andrew,

1. What are the owner/group permissions of /etc/snort?
2. Have you tried to send it traffic that would trigger a rule?
3. What happens when you do a 'mysql -u snort -p' with snort's password?

Matthew Lee
http://www.rycan.com

-----Original Message-----
From: Kaplan, Andrew H. [mailto:AHKAPLAN at ...10063...] 
Sent: Wednesday, September 29, 2004 2:35 PM
To: Snort User Group (E-mail)
Subject: [Snort-users] No Alerts Being Generated

I completed installing snort 2.2.0 (build 30) and have begun running it.
The
ACID GUI and /var/log/snort/alert files have not shown any alerts
even though the program has been running for over an hour. To verify
there were
no syntax errors in the snort.conf file, I ran the following:

snort -c /etc/snort/snort.conf

There were no errors and warnings, and the program appears to be running
properly. Where in snort.conf and elsewhere, should I check for 
configuration mistakes? I have included the snort.conf file here.
Thanks.

 <<snort.conf.29sept04.txt>> 


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give
us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out
more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list