[Snort-users] help snort

Quoc tuan Pham phamtuan_luan at ...16148...
Sat Mar 16 05:26:35 EDT 2013


I am using this command:

# /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
It operates normally, tests the rules and reports:
03/07-08:51:26.329372 [**] [1:10000001:1] ”test snort co nguoi dang ping may tinh cua ban” [**] [Priority: 0] {ICMP} 192.168.1.102 -> 192.168.1.105
03/07-08:51:26.329453 [**] [1:10000001:1] ”test snort co nguoi dang ping may tinh cua ban” [**] [Priority: 0] {ICMP} 192.168.1.105 -> 192.168.1.105

But it does not log into MySQL and is not on BASE.

# /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 &
# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config &

Then Snort reports:

03/07-08:57:03.118541 [**] [1:10000001:1] Snort Alert [1:10000001:0] [**] [Classification ID: (null)] [Priority ID: 0] {ICMP} 192.168.1.105 -> 192.168.1.102
03/07-08:57:03.118541 [**] [1:10000001:1] Snort Alert [1:10000001:0] [**] [Classification ID: (null)] [Priority ID: 0] {ICMP} 192.168.1.105 -> 192.168.1.102
not the last test rules, and log into MySQL and show up in BASE
-> So how do I run the rules, and what is the command?
-> And where are the startup rules in case 2? How do I fix it, and how do I implement running the rules?