
snort does not report alerts



Gentlemen, I am trying to get snort working in its latest version
for X64. I configured it following a howto from the snort.org site
itself. When I go to view records or suspicious attempts with
BASE, the web application shows nothing. I run the
command from the
terminal, snort -c /etc/snort/snort.conf, but it only shows the traffic
it is reading and nothing gets written to the DB. What's more, BASE shows me
that there are 3 sensors, but it is not active or is not sending
information. I don't know what I might be missing or what is going on. I
appreciate any help.

This is what I get when I run snort:

ule application order:
activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0x42090940 (9278)
Decoding Ethernet
WARNING: normalizations disabled because DAQ can't replace packets.
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snortmen
database:  database name = snort
database:    sensor name = 2.0.0.0
database:      sensor id = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

      --== Initialization Complete ==--

 ,,_     -*> Snort! <*-
 o"  )~   Version 2.9.1.2 IPv6 GRE (Build 84)
 ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team


         Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
         Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
         Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
         Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
         Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
         Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
         Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
         Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>


Any idea what I can do, list? By the way, happy holidays!

-- 
rickygm

http://gnuforever.homelinux.com

