[Snort-users] First time snorting ... ERROR: The dynamic detection library ...

waldo kitty wkitty42 at ...14940...
Tue Nov 19 19:14:43 EST 2013


On 11/19/2013 3:39 PM, Alan McKay wrote:
> On Tue, Nov 19, 2013 at 3:30 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>> FWIW: those rules will trigger on pretty much any traffic that snort sees... if
>> they are not triggering at all, then your traffic may be packaged in some packet
>> type...
>>
>> are you using VLans?
>
> Nope, and wow, no kidding about those rules triggering anything!
>
> I definitely have alerts now in the web GUI for barnyard.  Lots and
> lots of alerts!  So I've disabled those now.

yay!! we now know that your snort is definitely seeing traffic :)

> Best I can tell it was not alerting until I included the -D switch to
> daemonize it.  That's odd but maybe expected.  I dunno.

yeah, i'm not sure about that... when running in "sniffer" mode (without -D), 
you should have seen the alert flowing across the screen...

what version of snort are you running again? and what OS? VM or no?

> So I'm going to keep my eye on it to see what's what.  And keep
> digging into the manual.
>
> So ... I think it is working.  Fingers crossed and we'll see.

since you are seeing alerts in the database now, yes... your snort and your 
barnyard are working :)

> I'd like to figure out how to get the most serious alerts in email but
> maybe reading the fine manual will tell me that :-)

yeah, that's something that another tool will handle... i don't think that 
barnyard does this as its job is to get the alerts into the database... but a 
database monitoring tool should be able to handle this task...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
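
Added example, not part of the original message: one way a small database monitoring script could pick the most serious alerts out of the database barnyard fills and turn them into an e-mail digest. The two-table layout (`event`, `signature` with `sig_priority`, where 1 is the most severe) is a simplified assumption modelled on the Snort database schema, SQLite stands in for the real database, a single sensor is assumed, and all rows and addresses are constructed.

```python
import sqlite3
from email.message import EmailMessage

# Simplified stand-in for the "event" and "signature" tables (assumed layout).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
"""

def build_sample_db():
    """In-memory database with constructed rows, so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?, ?)", [
        (1, "CONSTRUCTED high-priority test signature", 1),
        (2, "CONSTRUCTED noisy test signature", 3),
    ])
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 2, "2013-11-19 19:00:01"),
        (1, 2, 1, "2013-11-19 19:00:05"),
        (1, 3, 2, "2013-11-19 19:00:09"),
        (1, 4, 1, "2013-11-19 19:01:30"),
    ])
    return db

def serious_alerts(db, last_cid=0, max_priority=1):
    """Events newer than last_cid whose priority is max_priority or more severe."""
    return db.execute(
        "SELECT e.cid, e.timestamp, s.sig_priority, s.sig_name "
        "FROM event e JOIN signature s ON s.sig_id = e.signature "
        "WHERE e.cid > ? AND s.sig_priority <= ? ORDER BY e.cid",
        (last_cid, max_priority)).fetchall()

def build_digest(rows, sender, recipient):
    """Return an EmailMessage listing the alerts, or None when there is nothing to send."""
    if not rows:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[snort] {len(rows)} priority alert(s)"
    msg.set_content("\n".join(f"{ts}  prio={p}  cid={cid}  {name}"
                              for cid, ts, p, name in rows))
    return msg

if __name__ == "__main__":
    rows = serious_alerts(build_sample_db())
    print(build_digest(rows, "snort@example.invalid", "admin@example.invalid"))
```

Run from cron, the script would hand the message to `smtplib.SMTP(...).send_message()` and store the last `cid` it reported, so the next run passes it as `last_cid` and mails only new alerts.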
