LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-31-2014, 07:09 AM   #31
Suburban Errorist
LQ Newbie
 
Registered: May 2014
Posts: 22

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by unSpawn View Post
OK. Then we'll try something else. On the machine that runs Snort run this command:
Code:
sudo tcpdump -i eth1 -s0 -w /tmp/packets.pcap
then do another nmap scan. When finished kill tcpdump and run:
Code:
mkdir /tmp/snorttest; sudo cp /tmp/packets.pcap /tmp/snorttest/
sudo tar -cjf /tmp/snorttest.tbz2 /tmp/snorttest/ /usr/local/snort/etc/snort.conf /usr/local/snort/etc/barnyard2.conf
and then contact me by email so I can tell you where to send the tar ball to. I'll see if I can tweak things to work. If I can't then you'll better get on the snort users mailing list.
I tried sending you an email but the forum said I don't have permission to do so.

Last edited by unSpawn; 05-31-2014 at 09:36 AM. Reason: /NN
 
Old 05-31-2014, 09:53 AM   #32
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,132
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Quote:
Originally Posted by Suburban Errorist View Post
I tried sending you an email but the forum said I don't have permission to do so.
If you're logged into LQ properly this should work. If it doesn't then try this or else please attach a screen shot showing the URI and the error.
 
Old 05-31-2014, 11:33 AM   #33
Suburban Errorist
LQ Newbie
 
Registered: May 2014
Posts: 22

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
If you're logged into LQ properly this should work. If it doesn't then try this or else please attach a screen shot showing the URI and the error.
Nope, still doesn't work. And here's the screenshot:
Attached Images
File Type: jpg permissionserror.JPG (192.4 KB, 4 views)
 
Old 05-31-2014, 01:14 PM   #34
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,132
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Check your mail.
 
Old 05-31-2014, 07:27 PM   #35
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,132
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Ran the tcpdump through Snort, changing IP address and adding "-l /tmp -A fast -b", which got me logs. No idea why unified logging won't work. I'd say get on the snort users mailing list as I've exhausted by diagnostics-fu.
 
Old 06-01-2014, 01:44 AM   #36
Suburban Errorist
LQ Newbie
 
Registered: May 2014
Posts: 22

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Ran the tcpdump through Snort, changing IP address and adding "-l /tmp -A fast -b", which got me logs. No idea why unified logging won't work. I'd say get on the snort users mailing list as I've exhausted by diagnostics-fu.
So is that done through the snort.conf file?

And I'll check with them. Thanks for your help.
 
Old 06-01-2014, 07:55 AM   #37
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,132
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Quote:
Originally Posted by Suburban Errorist View Post
So is that done through the snort.conf file?
Can be done through command line or snort.conf.


Quote:
Originally Posted by Suburban Errorist View Post
And I'll check with them. Thanks for your help.
You're welcome & good luck. Sorry I couldn't help you diagnose things any further.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
snort logs issue rajat83 Linux - Server 3 04-21-2008 04:36 AM
Reading SNORT Logs WarlockofVirgo Linux - Networking 1 08-13-2004 09:24 AM
Snort ?config? problem: empty alert file Gyuszko Linux - Security 4 01-06-2004 03:41 PM
What do these snort logs mean? tarballedtux Linux - Security 1 08-31-2002 10:15 PM
Explain these Snort logs... the theorist Linux - Security 9 04-27-2002 09:21 PM


All times are GMT -5. The time now is 04:07 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration