[Snort-users] Installing & Configuring snort
peter.bates at ...15381...
Mon Aug 13 08:23:08 EDT 2012
On 12/08/2012 20:56, Damien Hull wrote:
> OS: Ubuntu 10.04 server
> SNORT: 126.96.36.199
> Instructions: The Ubuntu-10.04-LTS instructions on the snort.org website.
> Barnyard2: Installed and configured
> MySQL: Using this and it seems to work
> Snort Rules: 2923
> Problem #1 The dynamic rules don't work for some reason. I
> commented out the "dynamicdetection" line to turn that off.
You've got version 188.8.131.52 with 184.108.40.206 ruleset so the SO rules will
> Problem #2 I'm not getting any alerts. I added sfportscan to
> snort.conf but I'm getting no action in the log file.
Is your unified file updating at all?
I'd suggest taking Barnyard2 out of the equation until you know your
sensor is hitting traffic -
snort -A console -u snort -g snort -c /etc/snort/snort.conf -i ethX
is very useful - also the example 'ICMP' rule in the snort.org HOWTO
is very handy to test you're actually seeing something.
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
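
Added example, not part of the original message: one way to answer "is your unified file updating at all?" before Barnyard2 is involved, by watching whether Snort's newest unified2 output file grows. The log directory, the `snort.u2` prefix and the function names are assumptions; take the real path and filename from the `output unified2` line in snort.conf.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread.
# Assumed values: /var/log/snort and the "snort.u2" prefix; take the real
# ones from the "output unified2" line in your snort.conf.

# Print the most recently modified file in DIR whose name starts with PREFIX
# (Snort appends a timestamp to the configured filename).
newest_unified2() {
    ls -t "$1"/"$2"* 2>/dev/null | head -n 1
}

# unified2_status DIR PREFIX [WAIT_SECONDS]
# Prints one word:
#   missing  no output file at all: check the output line and directory perms
#   empty    file exists but holds no events: Snort has logged nothing
#   idle     events were written earlier, none during the wait
#   growing  Snort is logging now; missing alerts downstream point at
#            Barnyard2 or the database, not the sensor
unified2_status() {
    local dir=$1 prefix=$2 wait=${3:-10}
    local first latest before after
    first=$(newest_unified2 "$dir" "$prefix")
    [ -n "$first" ] || { echo missing; return 0; }
    before=$(( $(wc -c < "$first") ))
    sleep "$wait"
    latest=$(newest_unified2 "$dir" "$prefix")
    after=$(( $(wc -c < "$latest") ))
    if [ "$latest" != "$first" ] || [ "$after" -gt "$before" ]; then
        echo growing          # appended to, or rolled over to a new file
    elif [ "$after" -eq 0 ]; then
        echo empty
    else
        echo idle
    fi
}

# Run as: ./u2check.sh /var/log/snort snort.u2 30
if [ "$#" -ge 2 ]; then
    unified2_status "$@"
fi
```

Generate some test traffic during the wait (for example a ping that the test ICMP rule should match) so that "idle" or "empty" actually means the sensor is not seeing or not matching it.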