Re: Sun Ultra 5, Debian and SNORT
From: John SMith (Jsmith_at_hotlink.com)
Date: 08/05/03
Date: Tue, 05 Aug 2003 03:10:18 GMT
U really should look at the snort.conf file and understand the basic
configuration parameters in it. Additionally, you have log files
(/var/log/messages). If you run it in -D mode <STDOUT> goes to your logs
not to the screen.
The trick to making anything easy and not nightmarish is to first take
the time to read, investigate and figure out how at least the basics
work first. Try the snort mailing list after you read all the
documentation and additionally search the archives before posting a
question.
Just wait until you have to interpret the alerts, do correlation and
manage your rules! If you use a Windows PC - try Activeworx IDS Policy
Manager for rule and snort.conf management (after you know how it works).
-Jsmith
Rightrik wrote:
> "erik" <erik@geenspam.vanwesten.net> wrote in message
> news:3f2c0d00$0$49110$e4fe514c@news.xs4all.nl...
>
>>Rightrik wrote:
>>
>>
>>>>What happens with a snort -T ?
>>>
>>>
>>>sunultra5:~# snort -T
>>>Log directory = /var/log/snort
>>>
>>>Initializing Network Interface eth0
>>>using config file /root/.snortrc
>>>Initializing Preprocessors!
>>>Initializing Plug-ins!
>>>Initializating Output Plugins!
>>>Parsing Rules file /root/.snortrc
>>>
>>>+++++++++++++++++++++++++++++++++++++++++++++++++++
>>>Initializing rule chains...
>>>ERROR: Unable to open rules file: /root/.snortrc or
>>>/root//root/.snortrc Fatal Error, Quitting..
>>>sunultra5:~#
>>
>>So, you did not define rules.
>>
>
>
> But I'm using the default rules : with Webmin I can see them !!!
>
> Oh my God, this IDS is a nightmare...
>
> Riccardo :-(
>
>
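A preflight check for the failure in the quoted `snort -T` output, where Snort could not open the file it had fallen back to (`/root/.snortrc`). This is an added example, not part of the original posts or of Snort itself. It assumes Snort 2.x-style `var` and `include` lines with relative paths resolved against the config file's directory; the function names and the sample config are constructed for illustration.

```shell
# Added example. Assumes Snort 2.x syntax: "var NAME value" and "include PATH",
# with relative paths resolved against the directory holding the config file.

# list_includes CONF: print every include path with $NAME references expanded.
list_includes() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "var" && NF >= 3 { vars[$2] = $3; next }
        $1 == "include" && NF >= 2 {
            p = $2
            for (v in vars) {                   # substitute each "$NAME"
                out = ""
                while ((i = index(p, "$" v)) > 0) {
                    out = out substr(p, 1, i - 1) vars[v]
                    p = substr(p, i + length(v) + 1)
                }
                p = out p
            }
            print p
        }' "$1"
}

# check_snort_conf CONF: 0 = all files readable, 1 = an include is missing,
# 2 = the config itself is unreadable (the failure in the quoted transcript).
check_snort_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "MISSING CONFIG: $conf"
        return 2
    fi
    dir=$(cd "$(dirname "$conf")" && pwd)
    report=$(list_includes "$conf" | while IFS= read -r path; do
        case $path in /*) ;; *) path=$dir/$path ;; esac
        [ -r "$path" ] || echo "MISSING INCLUDE: $path"
    done)
    if [ -n "$report" ]; then
        echo "$report"
        return 1
    fi
    return 0
}

# Constructed sample: one include present, one absent.
demo=$(mktemp -d)
mkdir "$demo/rules" && : > "$demo/rules/local.rules"
printf '%s\n' 'var RULE_PATH rules' 'include $RULE_PATH/local.rules' \
    'include $RULE_PATH/web-misc.rules  # not created' > "$demo/snort.conf"
check_snort_conf "$demo/snort.conf" || echo "exit status: $?"
rm -rf "$demo"
```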