From owner-freebsd-security Sun Jul 14 22:57:51 2002
Date: Mon, 15 Jul 2002 09:58:17 +0400
From: dawnshade <h-k@mail.ru>
To: 'dawnshade', security@freebsd.org
Subject: Re[2]: Snort problem.
Message-ID: <1051553493.20020715095817@mail.ru>
In-Reply-To: <271DE2625FD4D311949B009027F43B9F0918E42F@us-mtvmail2.ariba.com>

Hello Jason,

Saturday, July 13, 2002, 12:53:15 AM, you wrote:

JF> This isn't the snort mailing list, but here is something to help...
JF> Is the process actually running?
JF> Run the same command minus the option to run as a daemon. This will let you see any errors.
JF>
JF> -----Original Message-----
JF> From: dawnshade [mailto:h-k@mail.ru]
JF> Sent: Thursday, July 11, 2002 10:03 PM
JF> To: security@FreeBSD.ORG
JF> Subject: Snort problem.
JF>
JF> I have a little problem: I installed and configured snort (1.8.6 (Build 105)).
JF> Run:
JF> /usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -s -A full -d -D -l /usr/log/snort
JF> But the snort does nothing: it does not log or alert on scans, portscans, etc....
JF> Thanks to all in advance.
Yes, the process is running:

su-2.05a# /usr/local/bin/snort -i cp0 -A fast -c /usr/local/etc/snort/snort.conf -m 027
Log directory = /var/log/snort

Initializing Network Interface cp0

        --== Initializing Snort ==--
Decoding PPP on interface cp0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
    Reassemble client: ACTIVE
    Reassemble server: INACTIVE
    Reassemble ports: 21 23 25 53 80 143 110 111 513
    Reassembly alerts: ACTIVE
    Reassembly method: FAVOR_OLD
Using LOCAL time
Anomoly sensor threshold adapting repeadly specified, ignoring later specification: 0.01 15 4 24 7
WARNING: command line overrides rules file alert plugin!
WARNING: command line overrides rules file alert plugin!
limit == 128
UnifiedLogFilename = snort.log
Opening /var/log/snort/snort.log.1026712623
1530 Snort rules read...
1530 Option Chains linked into 170 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log->suspicious

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.7 (Build 128)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)

ps ax:
33529 p3 S+ 0:00.33 /usr/local/bin/snort -i cp0 -A fast -c /usr/local/etc/snort.conf

-- 
Best regards,
dawnshade mailto:h-k@mail.ru
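Jason's suggestion (run the daemon command in the foreground and read what it prints) can be turned into a small triage step. The Python below is an added example for this thread, not code from the thread or from the Snort project: it parses a Snort 1.8 startup banner, compares it with the command line that produced it, and lists the items a reader would check first (daemon mode hiding errors, no rules loaded, the "command line overrides rules file alert plugin" warning, a log directory other than the one asked for, a non-Ethernet decoder on the capture interface, settings Snort says it is ignoring). The function names and the wording of the findings are this example's own, and the sample banner and command line are constructed from the output quoted in the reply above.

```python
"""Triage helper for a Snort 1.8.x startup banner (added example; not code
from this thread or from the Snort project).  Function names and the
wording of the findings are this example's own; the sample banner and
command line are constructed from the output quoted in the reply above."""
import re

# Constructed sample: the banner lines the triage looks at, taken from the
# reply above.  Other banner lines are ignored by parse_banner().
SAMPLE_BANNER = """\
Log directory = /var/log/snort
Initializing Network Interface cp0
Decoding PPP on interface cp0
Parsing Rules file /usr/local/etc/snort/snort.conf
Anomoly sensor threshold adapting repeadly specified, ignoring later specification: 0.01 15 4 24 7
WARNING: command line overrides rules file alert plugin!
WARNING: command line overrides rules file alert plugin!
1530 Snort rules read...
1530 Option Chains linked into 170 Chain Headers
0 Dynamic rules
-*> Snort! <*-
Version 1.8.7 (Build 128)
"""
SAMPLE_CMDLINE = ("/usr/local/bin/snort -i cp0 -A fast "
                  "-c /usr/local/etc/snort/snort.conf -m 027")

BANNER_FIELDS = [  # (key, regex, converter) for single-value banner lines
    ("log_dir", r"Log directory = (\S+)", str),
    ("interface", r"Initializing Network Interface (\S+)", str),
    ("decoder", r"Decoding (\S+) on interface", str),
    ("rules_read", r"(\d+) Snort rules read", int),
    ("chain_headers", r"\d+ Option Chains linked into (\d+) Chain Headers", int),
    ("version", r".*Version (\S+) \(Build \d+\)", str),
]


def parse_banner(text):
    """Pull the facts worth checking out of the startup banner."""
    info = {key: None for key, _, _ in BANNER_FIELDS}
    info["warnings"] = []   # WARNING: lines, verbatim
    info["ignored"] = []    # settings Snort says it is ignoring
    for raw in text.splitlines():
        line = raw.strip()
        for key, pattern, conv in BANNER_FIELDS:
            m = re.match(pattern, line)
            if m:
                info[key] = conv(m.group(1))
                break
        else:
            if line.startswith("WARNING:"):
                info["warnings"].append(line)
            elif "ignoring later specification" in line:
                info["ignored"].append(line)
    return info


def parse_cmdline(cmd):
    """Map each -flag to its value, or True for a bare flag such as -D."""
    opts, toks, i = {}, cmd.split(), 1   # toks[0] is the snort binary
    while i < len(toks):
        if toks[i].startswith("-"):
            if i + 1 < len(toks) and not toks[i + 1].startswith("-"):
                opts[toks[i]] = toks[i + 1]
                i += 1
            else:
                opts[toks[i]] = True
        i += 1
    return opts


def triage(info, opts):
    """Return plain-English findings; an empty list means nothing stood out."""
    findings = []
    if "-D" in opts:
        findings.append("daemon mode (-D): start-up errors are not shown; "
                        "rerun the same command without -D to see them")
    if not info["rules_read"]:
        findings.append("no rules were loaded; check the -c path and the "
                        "include lines in the rules file")
    if "-A" in opts and any("overrides rules file alert plugin" in w
                            for w in info["warnings"]):
        findings.append("-A %s on the command line replaces the alert output "
                        "configured in the rules file; look for alerts under "
                        "%s, not where the rules file sends them"
                        % (opts["-A"], info["log_dir"]))
    if isinstance(opts.get("-l"), str) and opts["-l"] != info["log_dir"]:
        findings.append("asked for -l %s but Snort reports log directory %s"
                        % (opts["-l"], info["log_dir"]))
    if info["decoder"] and info["decoder"] != "Ethernet":
        findings.append("interface %s is decoded as %s; confirm the traffic "
                        "you expect alerts on actually crosses that link"
                        % (info["interface"], info["decoder"]))
    for line in info["ignored"]:
        findings.append("duplicate preprocessor setting ignored: " + line)
    return findings


if __name__ == "__main__":
    for finding in triage(parse_banner(SAMPLE_BANNER),
                          parse_cmdline(SAMPLE_CMDLINE)):
        print("-", finding)
```

Run as-is it prints the findings for the banner and command line quoted in the reply; to use it on a live box, capture the foreground run (the command without -D, with stdout and stderr redirected to a file) and pass that file's contents to parse_banner() together with the exact command line. The -D check is Jason's advice in code form: a daemonised Snort detaches before you can read any later error.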