[Snort-users] not event in snort 2.9.3

troxlinux xserverlinux at ...11827...
Thu Sep 27 14:32:03 EDT 2012


Hi list, I am working with Snort 2.9.3 and doing my best to get it working with
Barnyard2. For some reason Snort is not generating events: unified2 is
empty, and I test by pinging the IDS server.

-rw------- 1 snort snort    0 Sep 26 12:58 alert
-rw-r--r-- 1 snort snort 2056 Sep 27 10:46 barnyard.waldo
drwxr-xr-x 2 root  root  4096 Sep 27 11:23 eth0
-rw------- 1 root  root     0 Sep 26 13:54 snort.log.1348689295
-rw------- 1 root  root     0 Sep 26 13:57 snort.log.1348689456
-rw------- 1 root  root     0 Sep 26 14:02 snort.log.1348689731
-rw------- 1 root  root     0 Sep 26 14:05 snort.log.1348689931
-rw------- 1 root  root     0 Sep 26 14:14 snort.log.1348690442
-rw------- 1 root  root     0 Sep 26 14:18 snort.log.1348690708
-rw------- 1 root  root     0 Sep 26 14:42 snort.log.1348692167
-rw------- 1 root  root     0 Sep 26 14:47 snort.log.1348692448
-rw------- 1 snort snort    0 Sep 26 14:53 snort.log.1348692805
-rw------- 1 snort snort    0 Sep 26 16:31 snort.log.1348698702
-rw------- 1 snort snort    0 Sep 26 17:09 snort.log.1348700973
-rw------- 1 snort snort    0 Sep 27 08:16 snort.log.1348755389
-rw------- 1 snort snort    0 Sep 27 09:08 snort.log.1348758488
-rw------- 1 snort snort    0 Sep 27 09:22 snort.log.1348759368
-rw------- 1 root  root     0 Sep 27 09:24 snort.log.1348759472
-rw------- 1 snort snort    0 Sep 27 09:29 snort.log.1348759746
-rw------- 1 root  root     0 Sep 27 09:29 snort.log.1348759786
-rw------- 1 root  root     0 Sep 27 10:46 snort.log.1348764364
-rw------- 1 snort snort    0 Sep 27 10:53 snort.log.1348764789
-rw------- 1 snort snort    0 Sep 27 11:04 snort.log.1348765449
-rw------- 1 snort snort    0 Sep 27 11:46 snort.log.1348767998
-rw------- 1 snort snort    0 Sep 27 12:25 snort.log.1348770345

Check my snort.conf:

snort.conf

# unified2
# Recommended for most installs
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.log, limit 128
# Additional configuration for specific types of installs
# output alert_unified2: filename snort.alert, limit 128, nostamp
# output log_unified2: filename snort.log, limit 128, nostamp

# syslog
# output alert_syslog: LOG_AUTH LOG_ALERT

# pcap
# output log_tcpdump: tcpdump.log

# database

Regards


-- 
rickygm

http://gnuforever.homelinux.com



