[Snort-users] No data on Snort Report.

Nick Moore nmoore at ...1935...
Thu Mar 15 14:11:02 EDT 2012


Rick,

Have you done a tcpdump on your monitor ports to find out if you are seeing
traffic? Check to make sure you are seeing session traffic on those ports
(http, smb...) and not just broadcasts and multicasts (BPDUs, ARPs....).

If you are seeing real traffic on those ports and the http rule test in
Jeremy Hoel's email also works, re-post to the list and attach your
snort.conf and your snort startup command.

Happy Snorting!

Nick

On Thu, Mar 15, 2012 at 10:08 AM, Rick <ttricktt at ...11827...> wrote:

> Hi Everyone,
>
> New to Snort.
> No data on Snort Report.
> This is a new install using Ubuntu 11.10
> I followed the user guide,                Snort 2.9.2 and Snort Report
> 1.3.3 on Ubuntu 10.04 LTS Installation Guide.
>
> The install went good and Snort Report is available on my browser I
> just don't get any data.
>
> eth0 is configured with no IP and connected to a mirrored port,
> pointing to the LAN side of an ASA5510.
> etho1 is configured with an IP address connect to the LAN.
>
> The switch is a ProCurve 2626.
>
>  Can anyone give some insight how to test the IDS.
>
> Thanks,
> Rick
>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org     www.immunet.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120315/17b13d31/attachment.html>


More information about the Snort-users mailing list