Snort mailing list archives

Re: No data on Snort Report.

From: Nick Moore <nmoore () sourcefire com>
Date: Thu, 15 Mar 2012 13:11:02 -0500

Rick,

Have you done a tcpdump on your monitor ports to find out if you are seeing
traffic? Check to make sure you are seeing session traffic on those ports
(http, smb...) and not just broadcasts and multicasts (BPDUs, ARPs....).

If you are seeing real traffic on those ports and the http rule test in
Jeremy Hoel's email also works, re-post to the list and attach your
snort.conf and your snort startup command.

Happy Snorting!

Nick

On Thu, Mar 15, 2012 at 10:08 AM, Rick <ttricktt () gmail com> wrote:

Hi Everyone,

New to Snort.
No data on Snort Report.
This is a new install using Ubuntu 11.10
I followed the user guide,                Snort 2.9.2 and Snort Report
1.3.3 on Ubuntu 10.04 LTS Installation Guide.

The install went good and Snort Report is available on my browser I
just don't get any data.

eth0 is configured with no IP and connected to a mirrored port,
pointing to the LAN side of an ASA5510.
etho1 is configured with an IP address connect to the LAN.

The switch is a ProCurve 2626.

 Can anyone give some insight how to test the IDS.

Thanks,
Rick


------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!




-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org     www.immunet.com

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

No data on Snort Report. Rick (Mar 15)
- Re: No data on Snort Report. Jeremy Hoel (Mar 15)
- Re: No data on Snort Report. Rick (Mar 15)
  - Re: No data on Snort Report. Jeremy Hoel (Mar 15)
- Re: No data on Snort Report. Nick Moore (Mar 15)