[Snort-users] Snort not logging /VAR/LOG/SNORT alerts after Nessus scan

Iain Lorimer iain.lorimer at ...11827...
Tue Nov 18 10:16:31 EST 2014


Hi Folks, I'm hoping you could help a real Noob out as I feel I'm now going
round in circles.

I have attempted to set up snort on a Raspberry Pi Model B using Raspbian,
based on the Debian Linux OS distribution, following this tutorial:
http://youresuchageek.blogspot.co.uk/2012/11/howto-guide-to-snort-ids-in-debian.html

I have successfully installed snort 2.9.7.0 with the snort dependencies
libpcap 1.3.0, libdnet 1.12 and libdnet daq 2.0.4 tar.gz. I have tested
this by pinging the RPI which displayed on the terminal. This also puts a
log within /var/log/snort.

I have installed Barnyard2 but not bothered with having this speak to the
SQL database as I just want a bare bones IDS logging to /var/log/snort
alerts for starters.

I have successfully installed pulledpork and updated my rules
/etc/snort/rules snort.rules

Again I have not bothered with configuring Apache2 and installing BASE as I
will check /var/log/snort alerts for any suspicious traffic.

To test snort I have run Nessus against it but the alerts in
/var/log/snort/ remain empty.

I have been Googling this issue for a fair few days now and am beginning to
lose enthusiasm.

Any help to show me where I have gone wrong would be greatly appreciated,
if you could let me know what you will require as in .conf files to help
diagnose the problem.

Thank you Snort community