[Snort-users] snort startup inside a vm

Michael Lubinski michael.lubinski at ...11827...
Thu Feb 3 14:14:43 EST 2011


 On 2/3/2011 07:38, Michael Lubinski wrote:

> snort -D -c /etc/snort/snort.conf -i eth0
>
> Moved the logs to /root/snortlogs, nothing gets generated in the
> snort.alert file.
> The errors I see fly across the screen are encoded rule plugin SID: ####
> not registered properly try disabling this rule.
>

this would seem to indicate that your so rules are not right... i've only
seen this error with the GID 3 so rules... i assume that the SID: #### is
actually of the format SID: 3:#### ??

snort -D -c /etc/snort/snort.conf -i eth0

Moved the logs to /root/snortlogs, nothing gets generated in the snort.alert
file.
The errors I see fly across the screen are encoded rule plugin SID: #### not
registered properly try disabling this rule.

On Tue, Feb 1, 2011 at 8:25 PM, waldo kitty <wkitty42 at ...14940...> wrote:

> On 1/31/2011 21:04, Michael Lubinski wrote:
> > When I start snort I see a lot of alerts scroll across the screen. How can I
> > capture these to a text file to read later? I am running snort in vmware
> > player.
>
> what command line are you using? you may only need to analyze the default snort
> alert file depending on your snort.conf settings ;)