
Re: snort report no data.
From: TermVRL M <termvrl () gmail com>
Date: Sat, 1 Dec 2012 17:13:21 +0800

Hi all,

I have done what you suggested:

1) I am able to get "Commencing packet processing" on my Snort.
2) When I run tcpdump, I can see the traffic in my LAN from my eth0, which
is my sniffing port.
3) In my snort.conf, I already put "output unified2: filename snort.u2,
limit 128".
4) I checked /var/log/snort/ and found that the file
"snort.u2.xxxxxx" was created.

Attached is my print screen for my Snort IDS. Thanks.


On Tue, Nov 27, 2012 at 11:58 PM, Peter Bates <peter.bates () ucl ac uk> wrote:



Hi there

On 27/11/2012 13:32, TermVRL M wrote:
How can I troubleshoot this?

Some basic troubleshooting tactics:

1) Run Snort in console mode
snort -A console -c /location/of/snort.conf -i ethX
(X is probably 0)

Generate some traffic - you don't say what rules you are actually running.

2) Run Snort to generate unified2 log

Check snort.conf has something similar to:

output unified2: filename snort.log, limit 128

Then run

snort -i ethX -c /location/of/snort.conf -l /var/log/snort -D

Snort should daemonize and if you generate traffic you should see
'snort.log.xxxxxx' appear in /var/log/snort

After that you're onto troubleshooting Barnyard2, seeing as that
will be feeding the database you're looking at with snortreport.

--
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
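One way to answer the question this thread circles around (are there alert records in the snort.u2 file, so that the fault is downstream in Barnyard2 or the database?) is to walk the unified2 spool and count its records by type. This is an added example, not code from the thread or from Snort; it assumes the unified2 record header layout (record type and record length as two big-endian 32-bit integers) and uses a constructed sample spool, so it runs without a real sensor.

```python
"""Walk a Snort unified2 spool file and count its records by type.

A unified2 file is a sequence of records, each starting with an 8-byte
header (type, length, both network byte order) followed by `length` bytes
of payload. Zero event records means Snort is not alerting (rules or
traffic problem); events present but an empty report means the problem
is downstream in Barnyard2 or the database it feeds.
"""
import struct
import sys
from collections import Counter

# Record type codes from Snort's unified2 format (subset).
RECORD_TYPES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
    110: "EXTRA_DATA",
}
HEADER = struct.Struct("!II")  # (type, length), big-endian


def summarize_unified2(data: bytes) -> dict:
    """Return {record_name: count}. A partial record at the end (Snort is
    still writing the file) is counted as TRUNCATED instead of raising."""
    counts = Counter()
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        if offset + HEADER.size + length > len(data):
            counts["TRUNCATED"] += 1  # payload cut off mid-write
            break
        counts[RECORD_TYPES.get(rtype, f"UNKNOWN_{rtype}")] += 1
        offset += HEADER.size + length
    if 0 < len(data) - offset < HEADER.size:
        counts["TRUNCATED"] += 1  # header itself cut off
    return dict(counts)


def has_events(summary: dict) -> bool:
    """True if any IDS event record (IPv4/IPv6/VLAN variants) was seen."""
    return any(name.startswith("IDS_EVENT") for name in summary)


def _record(rtype: int, payload: bytes) -> bytes:
    return HEADER.pack(rtype, len(payload)) + payload


# Constructed sample spool: two IPv4 events, each followed by its packet
# record (28-byte packet header + 60-byte frame), then a header cut short.
SAMPLE_SPOOL = (_record(7, bytes(52)) + _record(2, bytes(88))
                + _record(7, bytes(52)) + _record(2, bytes(88))
                + b"\x00\x00\x00\x07")

if __name__ == "__main__":
    # Usage: python this.py /var/log/snort/snort.u2.xxxxxx
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SPOOL
    summary = summarize_unified2(data)
    print(summary)
    print("events present: check Barnyard2 next" if has_events(summary)
          else "no events: check rules and traffic")
```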
