Date:      Mon, 15 Jul 2002 09:58:17 +0400
From:      dawnshade <h-k@mail.ru>
To:        'dawnshade' <h-k@mail.ru>, security@freebsd.org
Subject:   Re[2]: Snort problem.
Message-ID:  <1051553493.20020715095817@mail.ru>
In-Reply-To: <271DE2625FD4D311949B009027F43B9F0918E42F@us-mtvmail2.ariba.com>
References:  <271DE2625FD4D311949B009027F43B9F0918E42F@us-mtvmail2.ariba.com>

Hello Jason,

Saturday, July 13, 2002, 12:53:15 AM, you wrote:

JF> This isn't the snort mailing list, but here is something to help...

JF> Is the process actually running?

JF> Run the same command minus the option to run as a daemon.  This will let you
JF> see any errors.

JF> -----Original Message-----
JF> From: dawnshade [mailto:h-k@mail.ru] 
JF> Sent: Thursday, July 11, 2002 10:03 PM
JF> To: security@FreeBSD.ORG
JF> Subject: Snort problem.


JF>  I have a little problem:
JF>  installed and configured snort (1.8.6 (Build 105)).
JF>  Run: /usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -s -A full -d
JF> -D -l /usr/log/snort

JF>  But snort does nothing: it does not log or alert on scans, portscans, etc.

JF>  Thanks to all in advance.


Yes, the process is running:
su-2.05a# /usr/local/bin/snort -i cp0 -A fast -c /usr/local/etc/snort/snort.conf -m 027
Log directory = /var/log/snort

Initializing Network Interface cp0

        --== Initializing Snort ==--
Decoding PPP on interface cp0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
Using LOCAL time
Anomoly sensor threshold adapting repeadly specified, ignoring later specification: 0.01 15 4 24 7
WARNING: command line overrides rules file alert plugin!
WARNING: command line overrides rules file alert plugin!
limit == 128
UnifiedLogFilename = snort.log
Opening /var/log/snort/snort.log.1026712623
1530 Snort rules read...
1530 Option Chains linked into 170 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log->suspicious

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.7 (Build 128)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)

ps ax:  33529  p3  S+     0:00.33 /usr/local/bin/snort -i cp0 -A fast -c /usr/local/etc/snort.conf






-- 
Best regards,
 dawnshade                            mailto:h-k@mail.ru
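As an added example, not code from this thread: a small Python checker that parses the kind of Snort 1.8 startup banner pasted above and reports the things a reader would check first when snort runs but never alerts, namely whether initialization completed, how many rules were read, which warnings fired, and whether the log directory matches the one you expect (the first command in the thread passed -l /usr/log/snort while the banner reports /var/log/snort). The sample banner is a constructed excerpt in the same shape as the quoted output; the function and field names are this example's own.

```python
import re

# Constructed sample: an excerpt, in the same shape, of the Snort 1.8.x
# startup output quoted in the thread above.
SAMPLE_OUTPUT = """\
Log directory = /var/log/snort
Initializing Network Interface cp0
        --== Initializing Snort ==--
Decoding PPP on interface cp0
WARNING: command line overrides rules file alert plugin!
WARNING: command line overrides rules file alert plugin!
1530 Snort rules read...
1530 Option Chains linked into 170 Chain Headers
        --== Initialization Complete ==--
Version 1.8.7 (Build 128)
"""

PATTERNS = {
    "log_dir": re.compile(r"^Log directory = (\S+)"),
    "interface": re.compile(r"^Initializing Network Interface (\S+)"),
    "rules_read": re.compile(r"^(\d+) Snort rules read"),
    "version": re.compile(r"^Version (\S+)"),
}

def parse_startup(output):
    """Pull log dir, interface, rule count, version and warnings from the banner."""
    info = {"warnings": [], "complete": False, "rules_read": 0}
    for line in output.splitlines():
        for key, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                info[key] = int(m.group(1)) if key == "rules_read" else m.group(1)
        if line.startswith("WARNING:"):
            info["warnings"].append(line[len("WARNING:"):].strip())
        if "Initialization Complete" in line:
            info["complete"] = True
    return info

def check_startup(info, expected_log_dir):
    """Return findings that explain a silent sensor; empty list means the banner looks sane."""
    findings = []
    if not info["complete"]:
        findings.append("initialization did not complete")
    if info["rules_read"] == 0:
        findings.append("no rules loaded, so nothing can alert")
    if info.get("log_dir") != expected_log_dir:
        findings.append("logs go to %s, not %s" % (info.get("log_dir"), expected_log_dir))
    findings.extend("warning: " + w for w in sorted(set(info["warnings"])))
    return findings
```

Run snort without -D (as suggested in the reply above), feed its banner to parse_startup, and compare the reported log directory with the one you are watching for new files.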