[Snort-users] not event in snort 2.9.3

troxlinux xserverlinux at ...11827...
Thu Sep 27 15:10:07 EDT 2012


2012/9/27 beenph <beenph at ...11827...>:
> On Thu, Sep 27, 2012 at 2:32 PM, troxlinux <xserverlinux at ...11827...> wrote:
>>
> I just realized something since you posted some more information on
> snort over here.
>
> First your output configuration should be looking something like this
>
> output unified2: filename merged.log, limit 128

# unified2
# Recommended for most installs
output unified2: filename snort.log, limit 128


>
> Now what is your snort command line invocation?
>
> Also
> 1- do you have some rules defined?

yes,

var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules


> 2- are you seeing traffic on the interface you have configured snort
> to listen on?
>

/etc/sysconfig/snort

INTERFACE=eth0
#
# The following two options are not directly supported on the command line
# or in the conf file and assume the same Snort configuration for all
# instances
#
# To listen on all interfaces use this:
#INTERFACE=ALL
#
# To listen only on given interfaces use this:
#INTERFACE="eth1 eth2 eth3 eth4 eth5"


# Where is Snort's configuration file?
# -c {/path/to/snort.conf}
CONF=/etc/snort/snort.conf

# What user and group should Snort drop to after starting? This user and
# group should have very few privileges.
# -u {user} -g {group}
# config set_uid: user
# config set_gid: group
# config set_uid: user
# config set_gid: group
USER=snort
GROUP=snort

# Should Snort change the order in which the rules are applied to packets.
# Instead of being applied in the standard Alert->Pass->Log order, this will
# apply them in Pass->Alert->Log order.
# -o
# config order: {actions in order}
# e.g. config order: log alert pass activation dynamic suspicious redalert
PASS_FIRST=0

#### Logging & Alerting

# NOTE: NO_PACKET_LOG and BINARY_LOG, ALERTMODE, etc. are mutually
# exclusive. Use either NO_PACKET_LOG or any/all of the other logging
# options. But the more logging options you use, the slower Snort will run.


# Where should Snort log?
# -l {/path/to/logdir}



regards



-- 
rickygm

http://gnuforever.homelinux.com
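Added example, not from this post or from the Snort project: a small Python reader for the unified2 spool that `output unified2: filename snort.log, limit 128` produces (the files are named snort.log.<timestamp>), so you can check whether a file actually holds IDS events rather than only checking that it exists. It assumes the Snort 2.9 on-disk layout for record type 7 (IPv4 IDS event, 52-byte legacy struct) and type 2 (packet, 28-byte header plus packet bytes); other record types (IPv6, VLAN, extra data) are only counted. The sample data built by build_sample() is constructed for the demo, not a real capture. For a real file the u2spewfoo tool shipped in the Snort source tree does the same job.

```python
"""Count and decode IDS events in a Snort 2.9 unified2 spool file.

Added example, not code from the original post or from Snort.
Assumptions: record type 7 uses the 52-byte legacy IPv4 event struct,
record type 2 uses the 28-byte packet header followed by packet data.
"""
import socket
import struct
import sys

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# Record header: type (u32, big-endian) and length of the payload that follows.
_HDR = struct.Struct("!II")
# Unified2IDSEvent_legacy: 11 x u32, 2 x u16, 4 x u8 = 52 bytes.
_EVENT = struct.Struct("!" + "I" * 11 + "HHBBBB")
# Unified2Packet fixed part: 7 x u32 = 28 bytes, then packet_data.
_PACKET = struct.Struct("!" + "I" * 7)


def parse_unified2(data: bytes):
    """Yield (record_type, payload); stop cleanly on a truncated trailing record."""
    off = 0
    while off + _HDR.size <= len(data):
        rtype, rlen = _HDR.unpack_from(data, off)
        off += _HDR.size
        if off + rlen > len(data):
            break  # partial record: Snort is still writing it, or the file was cut
        yield rtype, data[off:off + rlen]
        off += rlen


def decode_event(payload: bytes) -> dict:
    """Decode a type 7 record into the fields a rule author cares about."""
    f = _EVENT.unpack_from(payload)
    return {
        "sensor_id": f[0], "event_id": f[1],
        "event_second": f[2], "event_microsecond": f[3],
        "sid": f[4], "gid": f[5], "rev": f[6],
        "classification": f[7], "priority": f[8],
        "src": socket.inet_ntoa(struct.pack("!I", f[9])),
        "dst": socket.inet_ntoa(struct.pack("!I", f[10])),
        "sport_itype": f[11], "dport_icode": f[12], "protocol": f[13],
        "impact_flag": f[14], "impact": f[15], "blocked": f[16],
    }


def summarize(data: bytes) -> dict:
    """Return decoded events plus counts of packet and other record types."""
    events, packets, other = [], 0, 0
    for rtype, payload in parse_unified2(data):
        if rtype == UNIFIED2_IDS_EVENT and len(payload) >= _EVENT.size:
            events.append(decode_event(payload))
        elif rtype == UNIFIED2_PACKET and len(payload) >= _PACKET.size:
            packets += 1
        else:
            other += 1
    return {"events": events, "packets": packets, "other": other}


def build_sample() -> bytes:
    """Constructed sample (not a real capture): one ICMP echo alert from a
    hypothetical local rule gid 1 / sid 1000001, followed by its packet record."""
    src = struct.unpack("!I", socket.inet_aton("192.168.1.10"))[0]
    dst = struct.unpack("!I", socket.inet_aton("192.168.1.1"))[0]
    ev = _EVENT.pack(1, 1, 1348772400, 0,        # sensor, event id, time
                     1000001, 1, 1,              # sid, gid, rev
                     0, 3, src, dst,             # class, priority, addresses
                     8, 0, 1,                    # itype 8, icode 0, proto ICMP
                     0, 0, 0)                    # impact_flag, impact, blocked
    pkt_data = b"\x00" * 42                       # placeholder Ethernet/IP/ICMP bytes
    pkt = _PACKET.pack(1, 1, 1348772400, 1348772400, 0, 1, len(pkt_data)) + pkt_data
    return (_HDR.pack(UNIFIED2_IDS_EVENT, len(ev)) + ev
            + _HDR.pack(UNIFIED2_PACKET, len(pkt)) + pkt)


if __name__ == "__main__":
    # Usage: python u2count.py /var/log/snort/snort.log.1348772400
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample()
    s = summarize(blob)
    print(f"{len(s['events'])} events, {s['packets']} packets, {s['other']} other records")
    for e in s["events"]:
        print(f"  [{e['gid']}:{e['sid']}:{e['rev']}] {e['src']}:{e['sport_itype']}"
              f" -> {e['dst']}:{e['dport_icode']} proto={e['protocol']}")
```

If the file parses to zero events but a nonzero size, Snort is writing records of a type this reader only counts; if it is empty or absent after traffic, the problem is upstream of output (interface, rules, or the command line), which is where beenph's three questions point.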
