[Snort-users] snort on ossim

Kaushal Shriyan kaushalshriyan at ...11827...
Thu Apr 1 12:47:30 EDT 2010


Hi,

I am testing snort on ossim. I have added a basic rule under
/etc/snort/rules/local.rules and restarted the snort daemon server.

alert icmp any any -> 192.168.1.1 any (sid:1000000; rev:1; msg: "Oh snap it's a ping";)

From the client host I did ping 192.168.1.1 but I could not see any
events or alerts under snort logs. Also on the OSSIM Admin web
interface I could not see any events.

Under /var/log/snort/ I don't see anything:

-rw-r----- 1 snort adm 0 2010-03-17 19:38 snort_eth1.1268879936
-rw-r----- 1 snort adm 0 2010-03-18 00:33 snort_eth1.1268897623
-rw-r----- 1 snort adm 0 2010-03-18 00:35 snort_eth1.1268897717
-rw-r----- 1 snort adm 0 2010-03-23 00:46 snort_eth1.1269330408
-rw-r----- 1 snort adm 0 2010-03-23 04:32 snort_eth1.1269343945
-rw-r----- 1 snort adm 0 2010-03-23 04:38 snort_eth1.1269344305
-rw-r----- 1 snort adm 0 2010-03-23 04:42 snort_eth1.1269344567
-rw-r----- 1 snort adm 0 2010-03-24 00:42 snort_eth1.1269416522
-rw-r----- 1 snort adm 0 2010-04-01 08:47 snort_eth1.1270136823

Please suggest/guide.

Thanks and Regards,

Kaushal



