No subject


Thu Nov 23 16:36:19 EST 2017


>Try this:

>*  Verify that snort is working.  'snort -vade' should show traffic on your
>network.
It works and shows traffic on the network. I copied some output above.

>*  Check your snort.conf.  Check HOME_NET and EXTERNAL_NET, to be sure
>they are set for the correct ranges.
I have the HOME_NET set for each class c;
var HOME_NET [63.229.251.0/24,65.101.195.0/24,65.103.101.0/24,65.125.152.0/23]
but my EXTERNAL_NET is set like this:
var EXTERNAL_NET $HOME_NET
Should external net say 'any'?

>*  If the MySQL host and snort host are different, make sure you can
>connect from one to the other.
The MySQL host and snort are on the same machine.

Thanks,
Joshua Rogers
Webmaster
InterPlanetary Web Services
303-940-2597
IBO# 60092

----- Original Message -----
From: "McClure Gammon" <gammon.mcclure at ...4990...>
To: "'Joshua Rogers'" <josh at ...6676...>; <Snort-users at lists.sourceforge.net>
Sent: Friday, August 23, 2002 1:59 PM
Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no activity


> Joshua,
> Not to be asking stupid questions, but are you in a switched environment?
> (Keep in mind some "hubs" are really switches.)  If so, you'll need to span
> or mirror ports of interest to the port where snort is plugged in.  Easiest
> way to debug this is to start simple - can you get alerts to the console
> (other than broadcast) running just snort -dv if all you see are broadcasts,
> you're switched.  If you see other stuff, we can get more complicated.
>
> Gammon
>
> -----Original Message-----
> From: Joshua Rogers [mailto:josh at ...6676...]
> Sent: Friday, August 23, 2002 2:50 PM
> To: Snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no
> activity
>
>
> Ok, I ran 'nmap -v -sS -O <server ip>' on the snort machine and on another
> server. Both tests did not show up in the acid console and nothing in the
> MySQL db. There is also nothing showing up in the portscan log file. I am
> guessing I missed something in the setup.
>
> Thanks,
> Joshua Rogers
> Webmaster
> InterPlanetary Web Services
> 303-940-2597
> IBO# 60092
>
> ----- Original Message -----
> From: "Demetri Mouratis" <dmourati at ...3877...>
> To: "Randy Bey" <Randy.Bey at ...6683...>
> Cc: <Snort-users at lists.sourceforge.net>
> Sent: Friday, August 23, 2002 11:33 AM
> Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no activity
>
>
> > Nmap is easier and faster in that it doesn't require client/server
> > setup:
> >
> > http://www.insecure.org
> >
> > HTH
> > On Fri, 23 Aug 2002, Randy Bey wrote:
> >
> > > Oh yes, you need to do something to trigger a rule. I usually just run a
> > > quick Nessus(tm) scan; that does it for me.
> > >
> > > If there are faster, easier ways to trip a rule, please someone let me
> > > know.
> > >
> > > Randy Bey
> > > RiverNorth Systems
> > > 7300 W 147th St Suite 300
> > > Apple Valley, MN 55124
> > > http://www.rivernorthsys.com
> > >
> > >
> > > -----Original Message-----
> > > From: Joshua Rogers [mailto:josh at ...6676...]
> > > Sent: Friday, August 23, 2002 10:24 AM
> > > To: Snort-users at lists.sourceforge.net
> > > Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no
> > > activity
> > >
> > > I just tried: /usr/local/bin/snort -c /etc/snort/snort.conf -D from the
> > > command line. It created an additional sensor, but still no activity in
> > > the db. Do I need to create any alerts? It seems that I can not create a
> > > useful alert until I have a traffic pattern to base it on. Am I correct in
> > > this assumption?
> > >
> > > Thanks,
> > > Joshua Rogers
> > > Webmaster
> > > InterPlanetary Web Services
> > > 303-940-2597
> > > IBO# 60092
> > > ----- Original Message -----
> > > From: "Randy Bey" <Randy.Bey at ...6683...>
> > > To: "Joshua Rogers" <josh at ...6676...>; <Snort-users at lists.sourceforge.net>
> > > Sent: Friday, August 23, 2002 9:31 AM
> > > Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no
> > > activity
> > >
> > >
> > > Have you made sure you aren't using any -A switches on your snort
> > > command line? It should be as simple as:
> > > /usr/local/bin/snort -c /etc/snort/snort.conf -D
> > >
> > >
> > > Randy Bey
> > > RiverNorth Systems
> > > 7300 W 147th St Suite 300
> > > Apple Valley, MN 55124
> > > http://www.rivernorthsys.com
> > >
> > >
> > > -----Original Message-----
> > > From: Joshua Rogers [mailto:josh at ...6676...]
> > > Sent: Thursday, August 22, 2002 4:28 PM
> > > To: Snort-users at lists.sourceforge.net
> > > Subject: [Snort-users] Snort, php, MySQL and acid showing no activity
> > >
> > > Hi,
> > > I do not know what information will be helpful in showing me how to
> > > track down a problem on my system, but here goes. I am running:
> > > Red Hat Linux 7.3 with the latest updates
> > > PHP 4.2.1, register globals=on
> > > Apache 1.3.26
> > > MySQL 3.23.39
> > > GD 1.6.2
> > > The latest acid
> > > BCMath
> > >
> > > I followed the great doc on setting up snort-rh7-mysql, from the snort
> > > website. I had to make a few changes since I am running 7.3 and did not
> > > have all of the drive space shown in the doc. Somewhere along the line I
> > > think I missed something. Snort and MySQL seem to be running, the acid
> > > interface comes up fine with no errors but there is no data that shows up
> > > in the database or in the acid interface.
> > > What information would you need to help point me in the right direction
> > > to get snort recording data?
> > >
> > > Thanks,
> > > Joshua Rogers
> > > Webmaster
> > > InterPlanetary Web Services
> > > 303-940-2597
> > > IBO# 60092
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This sf.net email is sponsored by: OSDN - Tired of that same old
> > > cell phone?  Get a new here for FREE!
> > > https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > Demetri Mouratis
> > dmourati at ...3878...
> >
> >
> >
> >
> >
>
>
>
>
>
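Added example (not part of the thread or of Snort itself): a small Python model of how the address part of a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any` evaluates under the `HOME_NET` value quoted in the top message, with `EXTERNAL_NET` set to `$HOME_NET`, `any`, or `!$HOME_NET`. The sample packets, the function names and the one-line form of the `var` statement are assumptions made for the illustration.

```python
import ipaddress

def parse_vars(conf_text):
    """Collect 'var NAME value' lines from snort.conf-style text."""
    out = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "var":
            out[parts[1]] = parts[2].strip()
    return out

def addr_matches(ip, spec, variables, depth=0):
    """True if ip is inside an address spec: any, CIDR, flat [list], $VAR, !negation."""
    if depth > 10:
        raise ValueError("variable reference loop")
    spec = spec.strip()
    if spec.startswith("!"):
        return not addr_matches(ip, spec[1:], variables, depth + 1)
    if spec.startswith("$"):
        return addr_matches(ip, variables[spec[1:]], variables, depth + 1)
    if spec.startswith("[") and spec.endswith("]"):  # nested lists are not handled
        return any(addr_matches(ip, s, variables, depth + 1) for s in spec[1:-1].split(","))
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def header_matches(src, dst, variables):
    """Address test only, for a header '$EXTERNAL_NET any -> $HOME_NET any'."""
    return (addr_matches(src, "$EXTERNAL_NET", variables)
            and addr_matches(dst, "$HOME_NET", variables))

HOME = "var HOME_NET [63.229.251.0/24,65.101.195.0/24,65.103.101.0/24,65.125.152.0/23]\n"
CONFIGS = {
    "as_posted": HOME + "var EXTERNAL_NET $HOME_NET\n",
    "any": HOME + "var EXTERNAL_NET any\n",
    "not_home": HOME + "var EXTERNAL_NET !$HOME_NET\n",
}
# Constructed sample packets (src, dst); 198.51.100.7 is a documentation address.
PACKETS = {
    "outside->home": ("198.51.100.7", "63.229.251.10"),
    "home->home": ("65.101.195.20", "63.229.251.10"),
}

def evaluate():
    """Map each config name to {packet name: does the rule header match?}."""
    return {cfg: {name: header_matches(s, d, parse_vars(text))
                  for name, (s, d) in PACKETS.items()}
            for cfg, text in CONFIGS.items()}

if __name__ == "__main__":
    for cfg, result in evaluate().items():
        print(cfg, result)
```

With `EXTERNAL_NET` equal to `$HOME_NET`, such a header only matches traffic whose source is already inside `HOME_NET`; a source outside those ranges is never eligible.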




