
Snort mailing list archives

issues with Snort report 1.3&VRT rules&ET rules&threshold.conf
From: Jun Wan <junwei_wan () hotmail com>
Date: Wed, 1 Dec 2010 00:02:37 +0000


Hi,
 
BASE is not maintained and lacks docs, so I chose Snort Report (SR). I have had lots of help from 
David Gullett. David has done a wonderful job, thanks David.
 
Two issues on Snort 2.8.6.0 with SR 1.3 are very strange; I thought you guys may be interested to know. Please see the 
following:
 
1.) If I run the following commands:
 
sudo /usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0
sudo /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
 
The results: the activated rules in emerging.conf and the settings in threshold.conf are not working, but SR is 
working; Snort is running with VRT rules only (not running ET rules & threshold.conf).
 
2.) Or if I run the following command:
 
 sudo /usr/local/snort/bin/snort -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1 -A console 
 
The results: the activated rules in emerging.conf and the settings in threshold.conf are working, but SR is not working 
(no data), and Snort is running with VRT rules, ET rules and threshold.conf.
 
The same issues happen with Snort 2.9.0 with SR 1.3.
 
I would like to solve these issues before I put Snort 2.8.6 & 2.9.0 with SR 1.3 into our live network.
 
Any information/idea/direction would be highly appreciated.
 
Regards
 
John                                      