[Snort-users] No data on Snort Report.

Jeremy Hoel jthoel at ...11827...
Thu Mar 15 11:23:36 EDT 2012


You can set up a rule that fires on any web traffic (port 80).  Then
you can also turn on basic text/syslog output in snort.conf.  Then
you can browse the web and it will alert on that rule.

In snort.conf:
output alert_syslog: LOG_LOCAL6 LOG_ALERT

And in local.rules:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"HTTP TEST"; sid:999999;)


On Thu, Mar 15, 2012 at 3:08 PM, Rick <ttricktt at ...11827...> wrote:
> Hi Everyone,
>
> New to Snort.
> No data on Snort Report.
> This is a new install using Ubuntu 11.10
> I followed the user guide, Snort 2.9.2 and Snort Report
> 1.3.3 on Ubuntu 10.04 LTS Installation Guide.
>
> The install went well and Snort Report is available in my browser; I
> just don't get any data.
>
> eth0 is configured with no IP and connected to a mirrored port,
> pointing to the LAN side of an ASA5510.
> eth1 is configured with an IP address and connected to the LAN.
>
> The switch is a ProCurve 2626.
>
> Can anyone give some insight into how to test the IDS?
>
> Thanks,
> Rick

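Added example (not part of the original thread): after making the two changes from the reply and browsing the web, a check like this over the syslog file tells whether the HTTP TEST alert (sid 999999) arrived and, if not, whether Snort is logging there at all. The function name, verdict strings, sample lines and the assumed alert_syslog line shape are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: alert_syslog lines look like
#   <date> <host> snort[<pid>]: [gid:sid:rev] msg ... {TCP} src:port -> dst:port

# check_test_alert FILE [SID]
# FILE is the syslog file to inspect ("-" reads stdin); SID defaults to the
# test rule's sid from the reply. The first output line is the verdict.
check_test_alert() {
    awk -v sid="${2:-999999}" '
        / snort(\[[0-9]+\])?: / {
            seen++                                  # any line logged by snort
            if (match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/)) {
                split(substr($0, RSTART + 1, RLENGTH - 2), id, ":")
                if (id[2] == sid) { hits++; flow[$(NF-2) " -> " $NF]++ }
            }
        }
        END {
            if (hits)      print "OK " hits
            else if (seen) print "NO_TEST_ALERT"    # snort logs here, rule never fired
            else           print "NO_SNORT_LOGS"    # nothing from snort reached this file
            for (f in flow) print "  " flow[f] "x " f
            exit (hits ? 0 : 1)
        }' "$1"
}

# Constructed sample syslog lines (addresses are documentation ranges).
sample_log() {
    cat <<'EOF'
Mar 15 11:20:01 ids snort[2211]: Commencing packet processing (pid=2211)
Mar 15 11:21:07 ids snort[2211]: [1:999999:0] HTTP TEST {TCP} 192.0.2.10:51234 -> 198.51.100.7:80
Mar 15 11:21:09 ids snort[2211]: [1:999999:0] HTTP TEST {TCP} 192.0.2.10:51236 -> 198.51.100.7:80
Mar 15 11:21:30 ids sshd[901]: Accepted publickey for admin from 192.0.2.50
EOF
}

sample_log | check_test_alert -
```

On a live sensor, pass the file that receives local6 messages instead of "-" (which file that is depends on the local syslog configuration). NO_SNORT_LOGS points at the output/syslog side, while NO_TEST_ALERT points at the rule not being loaded or the sniffing interface not seeing HTTP traffic from $HOME_NET.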