No subject


Thu Nov 23 16:36:19 EST 2017


Hey Everyone...

I just set up my first snort box running on Fedora Core 3.  I installed everything, including ACID and started snort up...It starts up just fine and a ps auxww |grep snort shows that the app is running..

502       3740  0.7 14.5 41444 37196 ?       Ss   16:56   0:01 /usr/local/bin/snort -c /usr/local/snort/etc/snort.conf -i eth1 -g snortgroup -D -u snortuser

However, if I run an nmap scan (doesn't matter what options) on any host on my network (Snort can see it, it's on a hub) it doesn't log anything.  So far it's only logged 1 alert for a SQL scan..  I have tried updating the rules to no avail...

My snort.conf is the default out of the box setup, the only things I have changed are as follows

***********************Changed items in snort.conf********************************
var RULE_PATH /usr/local/snort/rules

output database: log, mysql, user=thepropersnortuser password=snortuserspassword dbname=thesnortdatabase host=localhost
  (Names have been changed to protect the innocent  :) )

output alert_syslog: LOG_LOCAL3
output alert_fast: snort.log
output alert_full: alert.full
************************************************

From what I can understand....this SHOULD work, is there something I have missed????

Thanks



