Snort mailing list archives
Re: New snort install ipvar issue
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 24 Dec 2010 13:31:35 -0700
Here we go:
root 31407 1 0 11:58 ? 00:00:12 /opt/bin/snort -i ppp0 -D -c /opt/etc/snort/snort.conf
I've also tried what I had before, which was eth1...I was getting alerts with
older snort version:
Dec 24 08:46:30 gateway snort[1779]: [122:20:0] (portscan) UDP Distributed Portscan [Priority: 3] {PROTO:255} 66.150.8.4 -> externalIP
But no longer. Complete config line is:
./configure --prefix=/opt --with-dnet-includes=/opt/include --with-dnet-libraries=/opt/lib --with-daq-includes=/opt/lib --with-daq-libraries=/opt/lib --enable-ipv6 --enable-zlib
Really strange.
Thank you.
James
From: John Gay <john.gay () sourcefire com>
Date: Fri, 24 Dec 2010 15:16:16 -0500
To: James Lay <jlay () slave-tothe-box net>
Cc: Snort <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] New snort install ipvar issue
What command are you using to start snort? Can you show the results of ps -ef | grep snort?
On Dec 24, 2010 2:40 PM, "James Lay" <jlay () slave-tothe-box net> wrote:
Thanks John... not running IPv6, but eh... whatever works. Now it seems I've muffed something as I get no alerts whatsoever even after doing an nmap on it. I did have 2.9.0.0 running fine on this, but now it seems nothing causes an alert. Anyone have any hints on why this would fire any alerts? I even am testing ping outbound and inbound and nothing. Config below:
SNIP What command are you using to start snort? What output are you using? Can you show the results of ps -ef | grep snort John
