[Snort-users] Way to generate alerts?

Matthew Van Gent matthew at ...16037...
Thu Jan 10 17:46:55 EST 2013


administrator at ...16039...:~$ curl testmyids.com
uid=0(root) gid=0(root) groups=0(root)
administrator at ...16039...:~$

I do not see any alerts in snortreport.


From: Heine Lysemose [mailto:lysemose at ...11827...]
Sent: Thursday, January 10, 2013 2:22 PM
To: Matthew Van Gent
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Way to generate alerts?


Hi

Have you tried; curl testmyids.com<http://testmyids.com>?

/Lysemose
On Jan 10, 2013 11:12 PM, "Matthew Van Gent" <matthew at ...16037...<mailto:matthew at ...16037...>> wrote:
Hello,

I apologize if this is the wrong spot to send this email, I am new to snort. I have used autosnort(https://github.com/da667/Autosnort ) on my Dell Poweredge T310 server running Ubuntu 12.04.1 LTS. I have configured port mirroring on my external connection and confirmed with wireshark that it is working, however, I am not receiving any generated alerts from snort. Is there a way to generate alerts guaranteed? I have nmap on an external machine, and when I run a nmap "attack" against this IP I do not receive any alerts via Snort Report. I am trying to narrow down if snort is misconfigured, barnyard2 is not functioning, or something else entirely.

Any information on this is welcome.

Thanks,

Matthew Van Gent
IT Assistant
Cross Petroleum
6920 Lockheed Drive
Redding, CA 96002


------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET<http://ASP.NET>, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130110/6ea964fd/attachment.html>


More information about the Snort-users mailing list