[Snort-users] First time snorting ... ERROR: The dynamic detection library ...
wkitty42 at ...14940...
Tue Nov 19 19:14:43 EST 2013

On 11/19/2013 3:39 PM, Alan McKay wrote:
> On Tue, Nov 19, 2013 at 3:30 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>> FWIW: those rules will trigger on pretty much any traffic that snort sees... if
>> they are not triggering at all, then your traffic may be packaged in some packet
>> are you using VLans?
> Nope, and wow, no kidding about those rules triggering anything!
> I definitely have alerts now in the web GUI for barnyard. Lots and
> lots of alerts! So I've disabled those now.

yay!! we now know that your snort is definitely seeing traffic :)

> Best I can tell it was not alerting until I included the -D switch to
> daemonize it. That's odd but maybe expected. I dunno.

yeah, i'm not sure about that... when running in "sniffer" mode (without -D),
you should have seen the alert flowing across the screen...

what version of snort are you running again? and what OS? VM or no?

> So I'm going to keep my eye on it to see what's what. And keep
> digging into the manual.
> So ... I think it is working. Fingers crossed and we'll see.

since you are seeing alerts in the database now, yes... your snort and your
barnyard are working :)

> I'd like to figure out how to get the most serious alerts in email but
> maybe reading the fine manual will tell me that :-)

yeah, that's something that another tool will handle... i don't think that
barnyard does this as its job is to get the alerts into the database... but a
database monitoring tool should be able to handle this task...

NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.