
RE: [Snort-users] My BASE did not have any alerts

Subject: RE: [Snort-users] My BASE did not have any alerts
Date: Sun, 17 Apr 2005 19:45:29 -0700
The -i is for interface, and the -h is for your $HOME_NET - so it would be
more like the following:
 "snort -c /etc/snort/snort.conf -i eth0" (assuming you're using eth0)
Unless your $HOME_NET changes often, I'd just keep it defined in snort.conf

-----Original Message-----
From: mr leokenzie [mailto:tenminustwo@hotmail.com] 
Sent: Sunday, April 17, 2005 6:34 PM
To: 360air@comcast.net
Subject: RE: [Snort-users] My BASE did not have any alerts

snort -c /etc/snort/snort.conf -i 172.20.130.151
Is this the correct way to run snort? If so, why do I get this error?
Initializing Network Interface 172.20.130.151
ERROR: OpenPcap() device 172.20.130.151 open:
        ioctl: No such device
Fatal Error, Quitting..

From: "Adam Kliarsky" <360air@comcast.net>
Reply-To: <360air@comcast.net>
To: "'mr leokenzie'" 
<tenminustwo@hotmail.com>,<snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] My BASE did not have any alerts
Date: Sun, 17 Apr 2005 09:19:36 -0700

Yeah, Nessus should produce all sorts of red on your BASE console. OK, assuming you're on a *nix system, do the following:

1. Check for the running snort process ("ps -aux | grep snort"). You should see two entries if snort is running (one for the process, and one for your ps query). If snort is not running, start it up ("snort -c <path to snort.conf> -i <interface>").

2. Packet dump on the same interface to make sure libpcap is working and capturing packets
 - "snort -dv -i <interface>" - this will display the packets to the screen so you can check

3. Check the logs to see if you are getting mysql login errors or other similar
 - (/var/log/messages)

4. Did you verify that you can login to MySQL with the user supplied in snort.conf?

5. Check base_conf.php:
 - $DBtype = "mysql";
 - $alert_dbname = "snort";
 - $alert_host = "localhost";
 - $alert_user = "snort";
 - $alert_password = "your own password";

Let me know if that produces anything -

Adam

-----Original Message-----
From: mr leokenzie [mailto:tenminustwo@hotmail.com]
Sent: Sunday, April 17, 2005 8:38 AM
To: 360air@comcast.net
Subject: RE: [Snort-users] My BASE did not have any alerts

1. I'm not sure whether I started running snort, but I did run the database.
2. I have not checked whether there's an error.
3. Output plugin is configured as follows (output database: log, mysql, user=snort password=myown password dbname=snort host=localhost)
4. What do you mean by dump on the interface to ensure it receives the packet?

When I scan with Nessus, does BASE actually show the results and stats?
Thanks

From: "Adam Kliarsky" <360air@comcast.net>
Reply-To: <360air@comcast.net>
To: "'mr leokenzie'"
<tenminustwo@hotmail.com>,<snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] My BASE did not have any alerts
Date: Sat, 16 Apr 2005 18:37:26 -0700

This could be related to several things - can you describe your system (platform, db, etc)?
- did you verify snort & database processes are running? Did you restart them?
- do you see any errors (/var/log/messages)
- is the output plugin in snort.conf configured properly
 (output database: log, mysql, user=??? password=??? dbname=??? host=localhost)
- did you dump on the interface to ensure you're receiving packets?


-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of mr 
leokenzie
Sent: Friday, April 15, 2005 12:33 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] My BASE did not have any alerts

What have I done wrong?
I did a scan with Nessus, but when I go to my BASE website it did not display anything.
Why is that?
I make it focus on port 80 and target it at my own IP address. Please kindly help.
Thanks




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid 
reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
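
Added example, not part of the original thread and not code from the Snort or BASE projects: a shell script that cross-checks the "output database:" line in snort.conf against the $alert_* settings in base_conf.php (checklist steps 4 and 5) and flags an IP address passed to -i. The function names, file locations and sample values are assumptions made for illustration.

```shell
# Added example; function names and sample values are hypothetical.
# Value of <key>= on the active (uncommented) "output database:" line.
snort_db_field() {  # $1 = snort.conf path, $2 = user|password|dbname|host
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}database:[[:space:]]*//p' "$1" |
        head -n 1 | tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Quoted value assigned to a variable in base_conf.php, e.g. $alert_dbname.
base_conf_field() {  # $1 = base_conf.php path, $2 = variable name without "$"
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*[\"']\\([^\"']*\\)[\"'].*/\\1/p" "$1" |
        head -n 1
}

# Print one line per disagreement; return 0 only if all four settings match.
compare_db_settings() {  # $1 = snort.conf, $2 = base_conf.php
    rc=0
    for pair in user:alert_user password:alert_password dbname:alert_dbname host:alert_host; do
        s=$(snort_db_field "$1" "${pair%%:*}")
        b=$(base_conf_field "$2" "${pair#*:}")
        [ "$s" = "$b" ] && continue
        rc=1
        case $pair in
            password:*) echo "MISMATCH password" ;;  # never print the secrets
            *) echo "MISMATCH ${pair%%:*}: snort.conf='$s' base_conf.php='$b'" ;;
        esac
    done
    return $rc
}

# The OpenPcap() error in the thread came from giving -i an IP address.
# Return 1 for a dotted-quad address, 0 for anything that could be a device name.
is_interface_name() {
    case $1 in
        *[!0-9.]*) return 0 ;;
        *.*.*.*)   return 1 ;;
        *)         return 0 ;;
    esac
}

# Constructed sample files; dbname differs on purpose.
demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# output database: log, mysql, user=old dbname=old host=localhost' \
    'output database: log, mysql, user=snort password=s3cret dbname=snort host=localhost' \
    > "$demo_dir/snort.conf"
printf '%s\n' '<?php' '$alert_dbname = "snort_log";' '$alert_host = "localhost";' \
    '$alert_user = "snort";' '$alert_password = "s3cret";' > "$demo_dir/base_conf.php"
compare_db_settings "$demo_dir/snort.conf" "$demo_dir/base_conf.php" || echo "BASE reads a different database"
is_interface_name 172.20.130.151 || echo "pass a device name such as eth0 to -i"
```

On a real sensor, point compare_db_settings at the files named in the thread (/etc/snort/snort.conf and the base_conf.php of the BASE install).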


