[Wolves] Snort Success!

Jono Bacon jono@kde.org
Sat Aug 24 03:50:01 2002

Heya fellow LUGites,

Well fellow LUGites, I have success to share with
you. I have (after much wittering on this list) set up
snort successfully on my laptop.

It was quite strange that snort was not working as I
had set it up as per the destructions on the snort
site. I then found the magical -T switch to provide a
report of how snort is working. I ran snort with the
-T and the basic args for starting snort (snort -T -c
/etc/snort/snort.conf -v /var/log/snort -i eth0) and
lo and behold, when I portscanned my machine and sent
a ping that was too large, it alerted it to me.

Most impressed I was, but confused also as to why the
daemon was not working properly. After some discussion
on #snort and some head scratching, it turns out that
some of the boot options in /etc/init.d/snort were
causing snort not to listen to eth0 properly. I
removed the -H and -S options (by manually hacking
/etc/init.d/snort - will this mess up upgrading the
Debian package Aq?). I restarted snort and it works

Now I have got my spanky ACID installed on Apache so I
can see snort logs in a web browser that refreshes the
page. Good shit!

Chuffed I am, but a tear in my eye also as I need to
perform a combination of lugging, cleaning, working,
painting, building and possibly crying tomorrow as we
continue the house move.


Jono Bacon
KDE Developer - Diary: http://www.advogato.org/person/jono/

