
| Subject: | RE: [Snort-users] Upgrade of Snort |
|---|---|
| Date: | Fri, 24 Sep 2004 16:57:35 -0500 |

An update: I found the problem. On a hunch I checked /var/log/snort and noticed a big ol' file sitting there. So I deleted it... problem fixed.

Why is Snort logging to this file when I have it configured to replicate the events to a db?

Derek O'Flynn
Enterprise Information Security
LSU Health Sciences Center
doflyn@lsuhsc.edu
(504)568-6130

_____

From: snort-users-admin@lists.sourceforge.net On Behalf Of O'Flynn, Derek
Sent: Friday, September 24, 2004 4:33 PM
To: 'snort-users@lists.sourceforge.net'
Subject: [Snort-users] Upgrade of Snort

I just did an upgrade from 2.0 to 2.2. I rebuilt it and overlaid the old binary. I also utilized the new snort.conf and ported my specific configurations over to it. I dropped the tables in mysql and rebuilt them using the create_mysql and snortdb-extra configs. Updated the .config and .map files to my etc directory.

Anyway, it looks like it comes up fine, and then crashes out with a file size error. Anyone know how to correct it?

```
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: sensor name = 192.168.100.100
database: sensor id = 1
database: schema version = 106
database: using the "log" facility
1889 Snort rules read...
1889 Option Chains linked into 196 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
+-----------------------[thresholding-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[thresholding-global]----------------------------------
| none
+-----------------------[thresholding-local]-----------------------------------
| gen-id=1 sig-id=2495 type=Both tracking=dst count=20 seconds=60
| gen-id=1 sig-id=2523 type=Both tracking=dst count=10 seconds=10
| gen-id=1 sig-id=2494 type=Both tracking=dst count=20 seconds=60
| gen-id=1 sig-id=2275 type=Threshold tracking=dst count=5 seconds=60
| gen-id=1 sig-id=2496 type=Both tracking=dst count=20 seconds=60
+-----------------------[suppression]------------------------------------------
-------------------------------------------------------------------------------
Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.2.0 (Build 30)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
File size limit exceeded
```

Thanks,
Derek O'Flynn