Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] snort 2.02 cant start automactically

from [James Riden] Network Security [Permanent Link]
Subject: Re: [Snort-users] snort 2.02 cant start automactically
Date: Tue, 31 Aug 2004 08:32:00 +1200 
"th0ri4.wang" <th0ri4@yahoo.com.cn> writes:


   hi,



   i have a debian woody box,  i have copied the file S99snort to
   /etc/init.d/snort,and create a symbol link at rc3.d. then i

   reboot my box, the following lines traped me:

   ----------------------------------------------------------------------
   ----------------------------------

   Aug 23 18:15:29 andreas kernel: TCP: Hash tables configured
   (established 4096 b
   nd 4096)
   Aug 23 18:15:29 andreas kernel: NET4: Unix domain sockets 1.0/SMP for
   Linux NET
   .0.
   Aug 23 18:15:29 andreas kernel: ds: no socket drivers loaded!
   Aug 23 18:15:29 andreas kernel: VFS: Mounted root (ext2 filesystem)
   readonly.
   Aug 23 18:15:29 andreas kernel: Freeing unused kernel memory: 188k
   freed
   Aug 23 18:15:29 andreas kernel: Adding Swap: 771048k swap-space
   (priority -1)
   Aug 23 18:15:32 andreas kernel: eth0: Promiscuous mode enabled.
   Aug 23 18:15:32 andreas kernel: device eth0 entered promiscuous mode
   Aug 23 18:15:33 andreas kernel: device eth0 left promiscuous mode

   ----------------------------------------------------------------------
   -----------------------------------

   when the script get snort start, it immediately down and left
   promiscuous mode, but  when i use this command:


What does it say in /var/log/messages ? 

eg.  this is part of a successful start up - yours might be 'snort'
instead of 'snort-pgsql':

Aug 31 03:58:03 it023072 snort-pgsql:     alert_large_fragments: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql:     alert_incomplete: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql:     alert_multiple_requests: ACTIVE
Aug 31 03:58:03 it023072 snort-pgsql: telnet_decode arguments:
Aug 31 03:58:03 it023072 snort-pgsql:     Ports to decode telnet on: 21 23 25 
119
Aug 31 03:58:03 it023072 postgres[5595]: [1] LOG:  connection received: 
host=130.123.107.157 port=36152
Aug 31 03:58:03 it023072 postgres[5595]: [2] LOG:  connection authorized: 
user=snort_db_user database=snort
Aug 31 03:58:05 it023072 snort-pgsql: Warning: flowbits key 
'realplayer.playlist' is checked but not ever set.
Aug 31 03:58:05 it023072 snort-pgsql: Snort initialization completed 
successfully

cheers,
 Jamie
-- 
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Snort on Cisco 6509, Rich Adamson
Next by Date:  [Snort-users] data structure for snort rules, snort user
Previous by Thread:  [Snort-users] snort 2.02 cant start automactically, th0ri4.wang
Next by Thread:  [Snort-users] snort 2.02 cant start automactically, th0ri4.wang
Indexes:  [Date] [Thread] [Top] [All Lists]