Snort mailing list archives

Re: Snort 2.9.4.5 rules using pp
From: Ashraf Ali <ashrafali.ibs () gmail com>
Date: Tue, 23 Apr 2013 10:10:33 +0530

Yes, if I use the command (snort -c /usr/local/snort/snort.conf -i eth0
-A) I can see lots of traffic on the console, but nothing is getting dumped
in the log file; it is still 0 bytes.

I did some R&D by creating a file called local.rules in the same rules
folder and adding a signature (alert tcp any any -> any any (msg:"Tcp traffic
found"; sid:1000001;)).
In the snort.conf file I put a # before the include statement for the snort.rules
line and added local.rules.
Later I restarted both the snort and barnyard2 daemons, and guess what, I can see the log
file filling up, and in the GUI I can see the alerts.

There seems to be some problem with the snort.rules file which PP has
created.

Regards,
Ashraf
Security System Engineer.





On Mon, Apr 22, 2013 at 9:37 PM, Y M <snort () outlook com> wrote:

If you run snort with -A console or -A cmg, do you see any alerts on the
console?

Also run tcpdump against the interface you are listening from, simply

tcpdump -i ethX -v

Do you see any traffic? Replace ethX with your interface.
 ------------------------------
From: Ashraf Ali <ashrafali.ibs () gmail com>
Sent: 4/22/2013 3:37 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort 2.9.4.5 rules using pp

    Hi All,

Recently I have deployed snort on Ubuntu 12.04 using Autosnort; during
the installation PP asked for an Oinkcode, and as I am a registered user I
provided it.
After completion of the installation I saw that the snort and
barnyard2 services are running in daemon mode, and in the /var/log/snort folder
a file with the name snort.u2.1366**** is also created but empty (0 bytes).

-rw-r--r--  1 snort snort    2056 Apr 22 17:54 barnyard2.waldo
-rw-------  1 snort snort       0 Apr 22 17:54 snort.u2.136662******

There is a single rules file called snort.rules in the /usr/local/snort/rules
folder which has all the downloaded snort rules, and the same is included in
the snort.conf file.
Even when I run snort in test mode using -T, it does not show
any problem; it works fine but is not generating any logs.

I have formatted the server and re-installed everything manually this
time. Still the same problem: the file is getting created but no logs.

Please advise.

Ashraf
Security System Engineer



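An added example, not part of the thread and not Snort's or Autosnort's own tooling: a small POSIX shell script that does offline what Ashraf ended up doing by hand. It reads a snort.conf, lists only the rule files that are really loaded (a commented-out `#include $RULE_PATH/snort.rules` does not count), counts the enabled rules in each, and checks whether any unified2 spool file in the log directory has grown past 0 bytes. The snort.conf, rule files and 0-byte spool it inspects are constructed in a temporary directory to mirror the report; the spool name `snort.u2.1366620000`, the `rules/` layout and the rule text (written with the `;` option separators Snort requires) are assumptions. The script never runs snort itself.

```shell
#!/bin/sh
# Added example, not the poster's files or Snort's own tooling.
# Reproduces the thread's diagnosis offline: which rule files does snort.conf
# really load (commented-out includes do not count), how many rules does each
# contain, and has the unified2 log grown past 0 bytes?

# Print the rule files snort.conf will load: "include $RULE_PATH/<file>" lines
# that are not commented out.  "#include $RULE_PATH/snort.rules" is skipped,
# which is exactly the workaround described in the thread.
active_includes() {   # $1 = path to snort.conf
    sed -n 's/^[[:space:]]*include[[:space:]][[:space:]]*\$RULE_PATH\/\([^[:space:]]*\).*/\1/p' "$1"
}

# Count enabled rules in a rules file (a rule action at the start of the line;
# "# alert ..." lines are disabled and not counted).  A missing file counts as
# 0, the same symptom as a generated file that never got written.
rule_count() {   # $1 = rules file
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c -E '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' "$1" || true
}

# Succeed if any unified2 spool file in the log directory has data in it.
# A 0-byte snort.u2.* file means snort opened the spool but wrote no events.
log_has_data() {   # $1 = snort log directory
    for f in "$1"/snort.u2.*; do
        [ -s "$f" ] && return 0
    done
    return 1
}

# Constructed fixture mirroring the thread: the generated snort.rules include
# commented out, local.rules added with one catch-all rule, and an empty spool.
make_fixture() {   # $1 = directory to populate
    mkdir -p "$1/rules" "$1/log"
    cat > "$1/snort.conf" <<'EOF'
var RULE_PATH rules
#include $RULE_PATH/snort.rules
include $RULE_PATH/local.rules
EOF
    : > "$1/rules/snort.rules"          # stand-in for a generated file with nothing usable
    cat > "$1/rules/local.rules" <<'EOF'
alert tcp any any -> any any (msg:"Tcp traffic found"; sid:1000001; rev:1;)
EOF
    : > "$1/log/snort.u2.1366620000"    # assumed spool name; 0 bytes as in the report
}

# Human-readable summary for one snort tree (fixture or a real snort directory
# laid out as <dir>/snort.conf, <dir>/rules/, <dir>/log/).
report() {   # $1 = tree
    for f in $(active_includes "$1/snort.conf"); do
        printf '%-14s %s enabled rule(s)\n' "$f:" "$(rule_count "$1/rules/$f")"
    done
    if log_has_data "$1/log"; then
        echo "unified2 spool: has data"
    else
        echo "unified2 spool: empty (0 bytes) - check the included rules above"
    fi
}

# Stand-alone run: build the fixture, report on it, clean up.
tmp=$(mktemp -d)
make_fixture "$tmp"
report "$tmp"
rm -rf "$tmp"
```

Pointing `report` at a real tree shows the same two things the thread used to localise the fault: whether the only active include is the generated file, and whether it actually contains any enabled rules, before looking for a barnyard2 or output-plugin problem.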