[Snort-users] Snort 22.214.171.124 rules using pp
jlay at ...13475...
Tue Apr 23 07:14:48 EDT 2013
Let's see one of the rules, and what sdo your HOME_NET and EXTERNAL_NET look like?
On Apr 22, 2013, at 10:40 PM, Ashraf Ali <ashrafali.ibs at ...11827...> wrote:
> yes, if i use the command (snort -c /usr/local/snort/snort.conf -i eth0 -A) and can see lots of traffic on the console but nothing is getting dump in the log file, it is still 0 Bytes.
> i did a R&D , by creating a file called local.rules in the same rules folder and added a signature (alert tcp any any -> any any(msg:"Tcp traffic found" sid:1000001);
> in the snort.conf file i put a # before include statement of snort.rules line and added local.rules
> later restarted both snort and barnyard2 Deamons , Guess what i can see log file filling up, and in GUI i can see the alerts.
> There seems to be some problem with the snort.rules file which PP has created.
> Security System Engineer.
> On Mon, Apr 22, 2013 at 9:37 PM, Y M <snort at ...15979...> wrote:
> If you run snort with -A console or -A cmg, do you see any alerts on the console?
> Also run tcpdump against the interface you are listening from, simply
> tcpdump -i ethX -v
> Do you see any traffic? Replace ethX with your interface.
> From: Ashraf Ali
> Sent: 4/22/2013 3:37 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 126.96.36.199 rules using pp
> Hi All,
> recently i have deployed snort in ubuntu 12.04 using Autosnort , during the installation PP asked for Oinkcode ,as i am a registered user so i have provided the same.
> After completion of the installation, i have seen that snort and barnyard2 services are running in Deamon mode, and in /var/log/snort folder a file with name snort.u2.1366**** is also created but empty(0 bytes).
> -rw-r--r-- 1 snort snort 2056 Apr 22 17:54 barnyard2.waldo
> -rw------- 1 snort snort 0 Apr 22 17:54 snort.u2.136662*****
> there is a single rules file called snort.rules in /usr/local/snort/rules folder which has all the downloaded snort rules, and same is included in the snort.conf file.
> Even i have run the snort in test mode using -T , it does not shows up any problem, its working fine but not generating any logs.
> I have formated the server , and re-installed every thing manually this time. still the same problem. file is getting created but no logs.
> pls Advice.
> Security System Egnineer
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users