LinuxQuestions.org
Old 05-31-2014, 08:09 AM   #31
Suburban Errorist
LQ Newbie
 
Registered: May 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by unSpawn View Post
OK. Then we'll try something else. On the machine that runs Snort run this command:
Code:
sudo tcpdump -i eth1 -s0 -w /tmp/packets.pcap
then do another nmap scan. When finished kill tcpdump and run:
Code:
mkdir /tmp/snorttest; sudo cp /tmp/packets.pcap /tmp/snorttest/
sudo tar -cjf /tmp/snorttest.tbz2 /tmp/snorttest/ /usr/local/snort/etc/snort.conf /usr/local/snort/etc/barnyard2.conf
and then contact me by email so I can tell you where to send the tarball to. I'll see if I can tweak things to work. If I can't then you'd better get on the snort users mailing list.
I tried sending you an email but the forum said I don't have permission to do so.

Last edited by unSpawn; 05-31-2014 at 10:36 AM. Reason: /NN
 
Old 05-31-2014, 10:53 AM   #32
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,751
Blog Entries: 54

Rep: Reputation: 2974
Quote:
Originally Posted by Suburban Errorist View Post
I tried sending you an email but the forum said I don't have permission to do so.
If you're logged into LQ properly this should work. If it doesn't then try this or else please attach a screen shot showing the URI and the error.
 
Old 05-31-2014, 12:33 PM   #33
Suburban Errorist
LQ Newbie
 
Registered: May 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
If you're logged into LQ properly this should work. If it doesn't then try this or else please attach a screen shot showing the URI and the error.
Nope, still doesn't work. And here's the screenshot:
Attached Images
File Type: jpg permissionserror.JPG (192.4 KB, 4 views)
 
Old 05-31-2014, 02:14 PM   #34
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,751
Blog Entries: 54

Rep: Reputation: 2974
Check your mail.
 
Old 05-31-2014, 08:27 PM   #35
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,751
Blog Entries: 54

Rep: Reputation: 2974
Ran the tcpdump through Snort, changing IP address and adding "-l /tmp -A fast -b", which got me logs. No idea why unified logging won't work. I'd say get on the snort users mailing list as I've exhausted my diagnostics-fu.
 
Old 06-01-2014, 02:44 AM   #36
Suburban Errorist
LQ Newbie
 
Registered: May 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Ran the tcpdump through Snort, changing IP address and adding "-l /tmp -A fast -b", which got me logs. No idea why unified logging won't work. I'd say get on the snort users mailing list as I've exhausted my diagnostics-fu.
So is that done through the snort.conf file?

And I'll check with them. Thanks for your help.
 
Old 06-01-2014, 08:55 AM   #37
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,751
Blog Entries: 54

Rep: Reputation: 2974
Quote:
Originally Posted by Suburban Errorist View Post
So is that done through the snort.conf file?
Can be done through command line or snort.conf.


Quote:
Originally Posted by Suburban Errorist View Post
And I'll check with them. Thanks for your help.
You're welcome & good luck. Sorry I couldn't help you diagnose things any further.
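
Added example, not part of any post in this thread: the snort.conf (Snort 2.x) equivalents of the "-l /tmp -A fast -b" switches mentioned in post #35. The -c and -r arguments in the comment and the output file names alert.fast and snort.log are assumptions; the paths come from the thread.

```conf
# Command-line form (the full command was not posted; -c and -r are assumed):
#   snort -c /usr/local/snort/etc/snort.conf -r /tmp/packets.pcap -l /tmp -A fast -b
#
# The same three settings expressed in snort.conf:
config logdir: /tmp               # -l /tmp : directory for alert and log files
output alert_fast: alert.fast     # -A fast : one-line alerts in /tmp/alert.fast (example file name)
output log_tcpdump: snort.log     # -b      : packets logged in pcap format; Snort appends a timestamp to the name
```

Logging options given on the command line override the output lines in snort.conf, so a run with "-A fast -b" does not exercise a unified output configured there.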
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration