[Snort-users] Snort 220.127.116.11 rules using pp
ashrafali.ibs at ...11827...
Tue Apr 23 00:40:33 EDT 2013
Yes, if I use the command (snort -c /usr/local/snort/snort.conf -i eth0
-A) I can see lots of traffic on the console, but nothing is getting dumped
in the log file; it is still 0 bytes.
I did some R&D by creating a file called local.rules in the same rules
folder and added a signature (alert tcp any any -> any any(msg:"Tcp traffic
In the snort.conf file I put a # before the include statement of the snort.rules
line and added local.rules.
Later I restarted both the snort and barnyard2 daemons. Guess what, I can see the log
file filling up, and in the GUI I can see the alerts.
There seems to be some problem with the snort.rules file which PP has
Security System Engineer.
On Mon, Apr 22, 2013 at 9:37 PM, Y M <snort at ...15979...> wrote:
> If you run snort with -A console or -A cmg, do you see any alerts on the
> Also run tcpdump against the interface you are listening from, simply
> tcpdump -i ethX -v
> Do you see any traffic? Replace ethX with your interface.
> From: Ashraf Ali <ashrafali.ibs at ...11827...>
> Sent: 4/22/2013 3:37 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 18.104.22.168 rules using pp
> Hi All,
> Recently I deployed Snort on Ubuntu 12.04 using Autosnort. During
> the installation PP asked for an Oinkcode; as I am a registered user, I
> provided it.
> After completion of the installation, I saw that the snort and
> barnyard2 services are running in daemon mode, and in the /var/log/snort folder
> a file with the name snort.u2.1366**** is also created but empty (0 bytes).
> -rw-r--r-- 1 snort snort 2056 Apr 22 17:54 barnyard2.waldo
> *-rw------- 1 snort snort 0 Apr 22 17:54 snort.u2.136662******
> There is a single rules file called snort.rules in the /usr/local/snort/rules
> folder which has all the downloaded Snort rules, and the same is included in
> the snort.conf file.
> I have even run Snort in test mode using -T; it does not show
> any problem. It's working fine but not generating any logs.
> I have formatted the server and re-installed everything manually this
> time. Still the same problem: the file is getting created but no logs.
> Please advise.
> Security System Engineer
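
The triage described in this thread can be repeated with a short script; this is an added example, not part of the original messages. It lists which rule files a snort.conf actually includes and counts enabled versus commented-out rules in a rules file. The sample snort.conf and rules text are constructed, and the function names are hypothetical.

```python
import re

ACTIONS = r"(?:alert|log|pass|activate|dynamic|drop|reject|sdrop)"
# Rule header: action proto src sport direction dst dport, then "(" opening the options
RULE_RE = re.compile(rf"^{ACTIONS}\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*\(")
VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*(#?)\s*include\s+(\S+\.rules)\s*$")

# Constructed sample inputs (assumptions for illustration, not from the thread)
SAMPLE_CONF = """\
var RULE_PATH /usr/local/snort/rules
#include $RULE_PATH/snort.rules
include $RULE_PATH/local.rules
"""
SAMPLE_RULES = """\
# constructed rules file, not real rule content
alert tcp any any -> any any (msg:"constructed test rule"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed A"; sid:1000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed B"; sid:1000003; rev:1;)
"""

def rule_includes(conf_text):
    """Return (active, commented_out) rule-file includes with $VARs expanded."""
    variables, active, disabled = {}, [], []
    for line in conf_text.splitlines():
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        m = INCLUDE_RE.match(line)
        if m:
            path = re.sub(r"\$(\w+)",
                          lambda v: variables.get(v.group(1), v.group(0)),
                          m.group(2))
            (disabled if m.group(1) else active).append(path)
    return active, disabled

def rule_stats(rules_text):
    """Count rules Snort will load versus rules that are commented out."""
    stats = {"enabled": 0, "disabled": 0}
    for line in rules_text.splitlines():
        line = line.strip()
        if RULE_RE.match(line):
            stats["enabled"] += 1
        elif line.startswith("#") and RULE_RE.match(line.lstrip("#").strip()):
            stats["disabled"] += 1
    return stats

if __name__ == "__main__":
    print("includes (active, commented out):", rule_includes(SAMPLE_CONF))
    print("rule counts:", rule_stats(SAMPLE_RULES))
```

Either result (no active rules include, or zero enabled rules in the included file) leaves Snort with nothing to alert on.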