[Snort-users] not event in snort 2.9.3

beenph beenph at ...11827...
Thu Sep 27 14:45:21 EDT 2012


On Thu, Sep 27, 2012 at 2:32 PM, troxlinux <xserverlinux at ...11827...> wrote:
> Hi list, I am working with snort 2.9.3. I'm doing my best to work with
> Barnyard2; for some reason snort is not generating events, unified2 is
> empty, and I test by pinging the IDS server.
>

I just realized something since you posted some more information on
snort over here.

First, your output configuration should look something like this:

output unified2: filename merged.log, limit 128

Now what is your snort command line invocation?

Also
1- do you have some rules defined?
2- are you seeing traffic on the interface you have configured snort
to listen on?

-elz


> -rw------- 1 snort snort    0 Sep 26 12:58 alert
> -rw-r--r-- 1 snort snort 2056 Sep 27 10:46 barnyard.waldo
> drwxr-xr-x 2 root  root  4096 Sep 27 11:23 eth0
> -rw------- 1 root  root     0 Sep 26 13:54 snort.log.1348689295
> -rw------- 1 root  root     0 Sep 26 13:57 snort.log.1348689456
> -rw------- 1 root  root     0 Sep 26 14:02 snort.log.1348689731
> -rw------- 1 root  root     0 Sep 26 14:05 snort.log.1348689931
> -rw------- 1 root  root     0 Sep 26 14:14 snort.log.1348690442
> -rw------- 1 root  root     0 Sep 26 14:18 snort.log.1348690708
> -rw------- 1 root  root     0 Sep 26 14:42 snort.log.1348692167
> -rw------- 1 root  root     0 Sep 26 14:47 snort.log.1348692448
> -rw------- 1 snort snort    0 Sep 26 14:53 snort.log.1348692805
> -rw------- 1 snort snort    0 Sep 26 16:31 snort.log.1348698702
> -rw------- 1 snort snort    0 Sep 26 17:09 snort.log.1348700973
> -rw------- 1 snort snort    0 Sep 27 08:16 snort.log.1348755389
> -rw------- 1 snort snort    0 Sep 27 09:08 snort.log.1348758488
> -rw------- 1 snort snort    0 Sep 27 09:22 snort.log.1348759368
> -rw------- 1 root  root     0 Sep 27 09:24 snort.log.1348759472
> -rw------- 1 snort snort    0 Sep 27 09:29 snort.log.1348759746
> -rw------- 1 root  root     0 Sep 27 09:29 snort.log.1348759786
> -rw------- 1 root  root     0 Sep 27 10:46 snort.log.1348764364
> -rw------- 1 snort snort    0 Sep 27 10:53 snort.log.1348764789
> -rw------- 1 snort snort    0 Sep 27 11:04 snort.log.1348765449
> -rw------- 1 snort snort    0 Sep 27 11:46 snort.log.1348767998
> -rw------- 1 snort snort    0 Sep 27 12:25 snort.log.1348770345
>
> check my snort.conf
>
> snort.conf
>
> # unified2
> # Recommended for most installs
> # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
> output unified2: filename snort.log, limit 128
> # Additional configuration for specific types of installs
> # output alert_unified2: filename snort.alert, limit 128, nostamp
> # output log_unified2: filename snort.log, limit 128, nostamp
>
> # syslog
> # output alert_syslog: LOG_AUTH LOG_ALERT
>
> # pcap
> # output log_tcpdump: tcpdump.log
>
> # database
>
> regards
>
>
> --
> rickygm
>
> http://gnuforever.homelinux.com
>
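The reply above boils down to three checks: is there an active unified2 output line, is there a rule that should fire on the test ping, and is Snort actually writing anything into the unified2 files. The script below is an added example, not code from the thread or from the Snort project; it builds a throwaway snort.conf fragment and an empty log file in a temp directory (constructed to mirror what was quoted), so the paths, the sample config and the test rule's SID (1000001) are assumptions to swap for the real sensor's files.

```shell
#!/bin/sh
# Added example, not part of the thread: quick checks for the three things the reply
# asks about (active unified2 output line, a rule that should fire, non-empty log files).
# Paths below are constructed in a temp directory; substitute your real snort.conf and
# log directory (e.g. /var/log/snort) when using this for real.
set -eu

# Succeeds (exit 0) if snort.conf has an uncommented "output unified2:" line.
unified2_output_enabled() {
    grep -Eq '^[[:space:]]*output[[:space:]]+unified2:' "$1"
}

# Prints the filename prefix from the active "output unified2:" line (e.g. snort.log).
unified2_prefix() {
    sed -n -E 's/^[[:space:]]*output[[:space:]]+unified2:[[:space:]]*filename[[:space:]]+([^,[:space:]]+).*/\1/p' "$1" | head -n 1
}

# Prints how many files named <prefix>.<timestamp> in the log dir contain any data.
# Snort appends a Unix timestamp to the prefix unless "nostamp" is set.
nonempty_unified2_count() {
    dir=$1
    prefix=$2
    n=0
    for f in "$dir/$prefix".*; do
        if [ -s "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# A catch-all ICMP rule for local.rules (SID 1000001 is an assumed local SID): if a ping
# does not produce an event with this loaded, Snort is not seeing the traffic, or the
# rule file is not included from snort.conf.
icmp_test_rule() {
    echo 'alert icmp any any -> any any (msg:"ICMP test"; sid:1000001; rev:1;)'
}

demo() {
    tmp=$(mktemp -d)
    # Constructed snort.conf fragment modelled on the one quoted in the thread.
    cat > "$tmp/snort.conf" <<'EOF'
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.log, limit 128
# output alert_unified2: filename snort.alert, limit 128, nostamp
EOF
    mkdir "$tmp/log"
    : > "$tmp/log/snort.log.1348770345"     # zero-length, like the files in the thread

    if unified2_output_enabled "$tmp/snort.conf"; then
        prefix=$(unified2_prefix "$tmp/snort.conf")
        echo "unified2 output enabled, filename prefix: $prefix"
        count=$(nonempty_unified2_count "$tmp/log" "$prefix")
        if [ "$count" -eq 0 ]; then
            echo "no non-empty $prefix.* files: Snort has written no events yet"
            echo "add this to local.rules and ping the sensor:"
            icmp_test_rule
        else
            echo "$count non-empty unified2 file(s); Barnyard2 should be able to read them"
        fi
    else
        echo "no active 'output unified2:' line in snort.conf"
    fi
    rm -rf "$tmp"
}

demo
```

With the test rule loaded, running Snort in the foreground with console alerting (`snort -c /etc/snort/snort.conf -i eth0 -A console`) while pinging the sensor shows immediately whether events are being generated at all; if nothing prints there, the problem is upstream of unified2 (no traffic on the interface, or no rules), and Barnyard2 is not the place to look.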