[Gloucs] Snort!

Gareth Bromley gloucs at mailman.lug.org.uk
Fri Apr 4 11:47:00 2003


On 1 Apr 2003, Jill Tovey wrote:
> I am at the stage where I am adding the sensor agent, the
> information I am typing in is as follows:
> enable sensor - ticked yes
> sensor name - snort
> sensor ip - 192.168.0.2
> sensor port - 2525
> username - admin
> password - ******
> Sensor Agent Type - snort centre agent v1 (ssl enabled)
> Interface name to sniff - eth0
> Snort command line - -U -o
OK, what version of Snort are you running, what addons and what Linux
platform?

> Now, when I go to view sensor it says this:
> snort ->eth0 Can't Connect to 192.168.0.2:2525 Retry Connecting
What package is this in?

> Sensor Message sh: line 1: curl: command not found
Looks like a PATH setting problem or lack of curl on your platform.

> I have tried a few variations on the sensor - such as using jt.mandrake
> (my hostname), 127.0.0.1, etc. I have also put an extra ethernet card in
> and tried using that but it shouldn't and didn't make a difference.
How many network cards do you have in your Snort sensor?

Using only 1 leaves it open to direct network attack, and you should use a
separate promisc card unaddressed to sniff the network.

> Now, when I go to https://localhost:2525/
> I find this error:
> Current config file error:
> sh: line 1: /usr/sbinsnort: No such file or directory
Again what tool are you using?

Cheers

Gareth