[Gloucs] Snort!

Jill Tovey gloucs at mailman.lug.org.uk
Fri Apr 4 10:49:01 2003


Hi everyone,

I am stuck with my snort installation!
So far nobody has been able to help me resolve this. I don't know how
many of you are familiar with snort but I am hoping some of you might
have a few ideas..

I am at the stage where I am adding the sensor agent, the
information I am typing in is as follows:

enable sensor - ticked yes
sensor name - snort
sensor ip - 192.168.0.2
sensor port - 2525
username - admin
password - ******
Sensor Agent Type - snort centre agent v1 (ssl enabled)
Interface name to sniff - eth0
Snort command line - -U -o

Now, when I go to view sensor it says this:

snort ->eth0 Can't Connect to 192.168.0.2:2525 Retry Connecting

Sensor Message sh: line 1: curl: command not found

I have tried a few variations on the sensor - such as using jt.mandrake
(my hostname), 127.0.0.1, etc. I have also put an extra ethernet card in
and tried using that but it shouldn't and didn't make a difference.

Now, when I go to https://localhost:2525/

I find this error:

Current config file error:
sh: line 1: /usr/sbinsnort: No such file or directory

So to me it looks like when I went through the setup.sh script I should
have entered "/usr/sbin/snort" rather than "/usr/sbin"

So....
It doesn't let me run setup.sh again (so I can correct the path) as it
just says it's already installed.
Presumably the place where it defines the path is in the
snesoragent/conf/config, however, when I go into the conf directory, no
config file is showing up?!

I have tried some other things such as 

ln -s /usr/sbin/snort /usr/sbinsnort 

I have also installed the last stable version of curl in case that is
it, but nothing changed, though someone suggested I should make sure it
is installed on the management console and is in my path - though I am
not sure how I check this?

Okay, well as you can see, I am at a dead end!

Any advice would be much appreciated, 

Jilly
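
Added example, not part of the original post: a small shell diagnostic for the two errors quoted above, "curl: command not found" and "/usr/sbinsnort: No such file or directory". The function names on_path, classify_binary_path and report are made up for this sketch, and it assumes it is run as the same account that runs the management console, since that account's PATH is the one the "sh:" error refers to.

```shell
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical; the two snort
# paths checked at the bottom are the ones quoted in the post.

# on_path NAME [PATHVALUE]
# Succeeds if NAME resolves to a command when PATH is PATHVALUE
# (defaults to the PATH of the account running this script).
on_path() {
    ( PATH=${2-$PATH}; command -v "$1" >/dev/null 2>&1 )
}

# classify_binary_path VALUE
# Prints what a configured "path to snort" value actually points at:
#   executable      regular file (or symlink to one) with execute permission
#   directory       a directory; joined to "snort" with no "/" this would
#                   give a name like /usr/sbinsnort
#   not-executable  something exists there but cannot be executed
#   missing         nothing exists at that path
classify_binary_path() {
    if [ -d "$1" ]; then
        echo directory
    elif [ -f "$1" ] && [ -x "$1" ]; then
        echo executable
    elif [ -e "$1" ]; then
        echo not-executable
    else
        echo missing
    fi
}

# report PATH...
# Prints the curl lookup result and the classification of each given path.
report() {
    if on_path curl; then
        echo "curl: found at $(command -v curl)"
    else
        echo "curl: not on PATH (PATH=$PATH)"
    fi
    for p in "$@"; do
        echo "$p: $(classify_binary_path "$p")"
    done
}

report /usr/sbin /usr/sbin/snort /usr/sbinsnort
```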


