[Snort-users] First time snorting ... ERROR: The dynamic detection library ...
alan.mckay at ...11827...
Fri Nov 15 10:39:33 EST 2013
> If you run Snort in console mode (-A console) for testing purposes, do you
> see any alerts?
Nope. I ran it without the redirect this time of course and with -A
console, and it gets to this point :
Preprocessor Object: SF_DNS Version 1.1 <Build 4>
Preprocessor Object: SF_POP Version 1.0 <Build 1>
Commencing packet processing (pid=20459)
And after that I hit it again with nmap -O as well as continual ssh
attempts. It just stays like the above with no more output.
> Another thing, how does your unified2 output plugin look
> like in your snort.conf file? Also, what rules you have enabled?
I'm using the default snort.conf from the document that I posted in my
first thread. It seems to be the default from the distro. The only
changes I make are these near the top of the file, and I only made
those after my initial attempts with all defaults failed. Here are
my changes :
# Setup the network addresses you are protecting
ipvar HOME_NET MY_REAL_IP_REMOVED
# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET !$HOME_NET
I dumped the full contents of the snort.conf at the top of my google
doc for perusal.
More information about the Snort-users