Re: snort report no data.

[TermVRL M <termvrl () gmail com>]

Hi all,


i have done what you have suggest,

1) i able to get "Commencing packet processing" on my snort.
2) when i run tcpdump, i can see the traffic in my LAN from my eth0, which
is my sniffing port.
3) in my snort.conf, i already put "output unified2: filename snort.u2,
limit 128".
4) i check on /var/log/snort/ , i manage to find that, the file "
snort.u2.xxxxxx" were created.

Attach is my printscreen for my snort ids. Thanks.


On Tue, Nov 27, 2012 at 11:58 PM, Peter Bates <peter.bates () ucl ac uk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hi there
>
> On 27/11/2012 13:32, TermVRL M wrote:
> > how i can troubleshoot this?
>
> Some basic troubleshooting tactics:
>
> 1) Run Snort in console mode
> snort -A console -c /location/of/snort.conf -i ethX
> (X is probably 0)
>
> Generate some traffic - you don't say what rules you are actually running.
>
> 2) Run Snort to generate unified2 log
>
> Check snort.conf has something similar to:
>
> output unified2: filename snort.log, limit 128
>
> Then run
>
> snort -i ethX -c /location/of/snort.conf -l /var/log/snort -D
>
> Snort should daemonize and if you generate traffic you should see
> 'snort.log.xxxxxx' appear in /var/log/snort
>
> After that you're onto troubleshooting Barnyard2, seeing as that
> will be feeding the database you're looking at with snortreport.
>
> - --
> Peter Bates
> Senior Information Security Officer   Phone: +44(0)2076792049
> Information Services Division         Internal Ext: 32049
> University College London
> London WC1E 6BT
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJQtOMJAAoJELhVoVpEMS6RKDsIAJNydm+IdBTL1y1sAfl9KY0/
> Is4kW5SuubysIJiIIvq6s4xvPo4FmpQ/RVLfZfZOaDk+R7cGRoqvwlPpUsXskkdA
> df4igV9eJ6YQ5YjGcaOg/S6FRIvCOsrvh8eKwq8F//7hEFEX3EMMJ2zCilL7U09f
> A/oKszHMeSXBe4B3OvcC7WaNy66Hq3uQHvkThQ4V0G8JRJfvM4pvNFTuUyEET0o3
> KTVCuN1ADckOMu2H+rfgVP98tGZvT0vEspWGo0bU0PaaabVZ0WItn0shvYAl8zcQ
> QzzYX8X/QmL4lUHYfv0w3LWZz3Ns2rQX4pPfWtIL25ZvlKtzCpj2XoxkE6nH7l0=
> =l7EJ
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!