Data of the Asus stolen machine and Snort during a crawl. Re: I am Mahdi Cherif the owner of the Q6060 intel and the machine with chassis a6000/a6561.af/Prod # KX648AA-ABF/S.N CZX8254POS and the owner

2021-06-12 Thread Cherif Mahdi
Dear Support, Please find attached extra log for the Asus stolen machine and Snort during a crawl. Thanks. Mahdi Cherif. Vaizone. On 4/29/21, Cherif Mahdi wrote: > Dear support, > > I bought in 2005, I think, the machine hp Q6060 intel and the machine with > chassis a6000/a

Re: debian snort and systemd bug?

2019-11-13 Thread Sven Hartge
Eero Volotinen wrote: > Any clue why systemctl start snort is not running start section of init > script? (if start is already run once?) Don't use the snort package from the Debian repository, it is ancient (last upload was in 2015) and might as well be orphaned or better yet r

Re: debian snort and systemd bug?

2019-11-13 Thread Roberto C . Sánchez
On Wed, Nov 13, 2019 at 03:23:52PM +0200, Eero Volotinen wrote: >Hi, >Any clue why systemctl start snort is not running start section of init >script? (if start is already run once?) >For example, if snort daemon is killed then only way to start it is run >co

debian snort and systemd bug?

2019-11-13 Thread Eero Volotinen
Hi, Any clue why systemctl start snort is not running start section of init script? (if start is already run once?) For example, if snort daemon is killed then only way to start it is run command systemctl restart snort Sounds like a bug? Eero

Re: AW: Snort IDS

2019-09-18 Thread Jonas Smedegaard
Quoting Mattia (2019-09-18 18:53:47) > thanks for all the answers. > > On Wed, 18 Sep 2019 09:55:27 +, Hans Ullrich >  wrote: > > Hi Mattia, > > snort is a great tool, and I am using it since a long time. I do not know, > > if snort is still maintained

Re: AW: Snort IDS

2019-09-18 Thread Mattia
Hello, thanks for all the answers. On Wed, 18 Sep 2019 09:55:27 +, Hans Ullrich  wrote: Hi Mattia, snort is a great tool, and I am using it since a long time. I do not know, if snort is still maintained by debian, but there is a successor which is called "suricata". Suricata

Re: Snort IDS

2019-09-18 Thread john doe
On 9/18/2019 11:46 AM, Mattia wrote: > Hello, > > I have some problems with snort on debian that are already been reported > but the current maintainer seems not active. > For what I found online it seems that snort is the most used IDS, so I > find it quite odd that it's n

Re: Snort IDS

2019-09-18 Thread Jochen Spieker
Mattia: > > I have some problems with snort on debian that are already been reported but > the current maintainer seems not active. > For what I found online it seems that snort is the most used IDS, so I find > it quite odd that it's not maintained in Debian. Looking

AW: Snort IDS

2019-09-18 Thread hans . ullrich
Hi Mattia, snort is a great tool, and I am using it since a long time. I do not know, if snort is still maintained by debian, but there is a successor which is called "suricata". Suricata is in the debian repo, and it shall better work with the resources (for example it is spli

Snort IDS

2019-09-18 Thread Mattia
Hello, I have some problems with snort on debian that are already been reported but the current maintainer seems not active. For what I found online it seems that snort is the most used IDS, so I find it quite odd that it's not maintained in Debian. Is this still true? Do you guys use i

Re: latest snort for debian stable

2019-08-24 Thread Sven Hartge
Eero Volotinen wrote: > Is there any reliable source that offers latest 2.9.x snort for debian 10? > Or instructions how to package it. compiling snort from source does not > sound good solution. Because of the constant updates by upstream to snort and its rules files, it really is

latest snort for debian stable

2019-08-24 Thread Eero Volotinen
Hi, Is there any reliable source that offers latest 2.9.x snort for debian 10? Or instructions how to package it. compiling snort from source does not sound good solution. thanks, Eero

Re: snort on ossim

2010-03-24 Thread Stan Hoeppner
p?section=Home in this mailing >>> list. >> >> Depends. What's to say that isn't marketing fluff and is vaguely relevant >> to Debian? > > Hi Ron, > > I have configured snort on ossim. ossim is based out of debian 5.0.4 > Is there a way to test

Re: snort on ossim

2010-03-24 Thread Kaushal Shriyan
s to say that isn't marketing fluff and is vaguely relevant > to Debian? Hi Ron, I have configured snort on ossim. ossim is based out of debian 5.0.4 Is there a way to test snort and check events via the web admin interface.? Please suggest. Thanks and Regards, Kaushal -- To UNSUBSCRIBE, em

Re: snort on ossim

2010-03-24 Thread Ron Johnson
On 2010-03-24 20:59, Kaushal Shriyan wrote: Hi, can i discuss about ossim http://www.alienvault.com/community.php?section=Home in this mailing list. Depends. What's to say that isn't marketing fluff and is vaguely relevant to Debian? -- "History does not long entrust the care of freedom to

snort on ossim

2010-03-24 Thread Kaushal Shriyan
Hi, can i discuss about ossim http://www.alienvault.com/community.php?section=Home in this mailing list. Thanks, Kaushal -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debia

Small snort/oinkmaster problem

2010-03-20 Thread Jari Fredriksson
Using snort & oinkmaster. How to restart snort when and only when the rules were changed? When googling I only found suggestions and the snort should not be restarted in vain, and I agree. But how to do that? oinkmaster does not return any special return codes, which would be useful. How do

Re: installing snort

2010-02-19 Thread Jari Fredriksson
On 19.2.2010 19:56, Jordan Metzmeier wrote: > So you are saying you have installed the snort-rules-default package > but the /etc/snort/rules/ directory remains missing? Doing something > manually could cause dpkg to not write the config files (although I > have typically only seen t

Re: installing snort

2010-02-19 Thread Jordan Metzmeier
So you are saying you have installed the snort-rules-default package but the /etc/snort/rules/ directory remains missing? Doing something manually could cause dpkg to not write the config files (although I have typically only seen this when you delete a config file installed by a package and then

Re: installing snort

2010-02-19 Thread Jari Fredriksson
On 19.2.2010 19:33, Jari Fredriksson wrote: > On 19.2.2010 18:00, Jordan Metzmeier wrote: >> Sounds like you want the package snort-rules-default. This is in the >> Q/A section of /usr/share/doc/snort/README.Debian.gz. You should get >> familiar with searching the /usr/sh

Re: installing snort

2010-02-19 Thread Jari Fredriksson
On 19.2.2010 18:00, Jordan Metzmeier wrote: > Sounds like you want the package snort-rules-default. This is in the > Q/A section of /usr/share/doc/snort/README.Debian.gz. You should get > familiar with searching the /usr/share/doc directory for information > such as this. > meta-pa

Re: installing snort

2010-02-19 Thread Jordan Metzmeier
Sounds like you want the package snort-rules-default. This is in the Q/A section of /usr/share/doc/snort/README.Debian.gz. You should get familiar with searching the /usr/share/doc directory for information such as this. Jordan Metzmeier On Fri, Feb 19, 2010 at 10:32 AM, Jari Fredriksson wrote

installing snort

2010-02-19 Thread Jari Fredriksson
aptitude install snort will not create /etc/snort.conf nor the rule files in /etc/snort/rules If I think that it should, am I wrong? Debian Lenny 32-bit with backports. -- http://www.iki.fi/jarif/ Consider well the proportions of things. It is better to be a young June-bug than an old bird

snort help

2009-10-05 Thread Liubomir Tsankov
Hello, I have two questions about Debian! The first one: two days ago I installed SNORT on Debian 5.0 and after that the lan card started working quite slow - SNORT was generating the lan traffic and now it's stuck. It works properly after changing the whole device and the settings themselves.

Re: Snort (debian (etch) always ago)

2008-10-28 Thread Chris Bannister
On Mon, Oct 27, 2008 at 10:40:03AM -0500, John Hasler wrote: > Teemu Likonen writes: > > However, it is possible to use newer software in Debian stable. You can > > do this by downloading a source package from Debian testing (or even > > unstable) and compile it in Debian stable. > > Better yet, g

Re: Snort (debian (etch) always ago)

2008-10-27 Thread John Hasler
Teemu Likonen writes: > However, it is possible to use newer software in Debian stable. You can > do this by downloading a source package from Debian testing (or even > unstable) and compile it in Debian stable. Better yet, get backported packages from where Debian devel

Re: Snort (debian (etch) always ago)

2008-10-27 Thread Teemu Likonen
Márcio Luciano Donada (2008-10-27 09:28 -0200): > Because debian (etch) while still maintaining version 2.3.3. FreeBSD, > for example current already uses the version 2.8.2.2. Why not at least > debian stable places in the version 2.4, I have problems to update the > rules with the oinkmaster Deb

Re: Snort (debian (etch) always ago)

2008-10-27 Thread Henri Salo
On Mon, Oct 27, 2008 at 09:28:35AM -0200, Márcio Luciano Donada wrote: > Hi list, > > Because debian (etch) while still maintaining version 2.3.3. FreeBSD, > for example current already uses the version 2.8.2.2. Why not at least > debian stable places in the version 2.4, I have problems to update t

Re: Snort (debian (etch) always ago)

2008-10-27 Thread jeffrin Jose
Márcio Luciano Donada wrote: Hi list, Because debian (etch) while still maintaining version 2.3.3. FreeBSD, for example current already uses the version 2.8.2.2. Why not at least debian stable places in the version 2.4, I have problems to update the rules with the oinkmaster thnx. try using

Re: Snort (debian (etch) always ago)

2008-10-27 Thread Eduardo M KALINOWSKI
Márcio Luciano Donada escreveu: > Hi list, > > Because debian (etch) while still maintaining version 2.3.3. FreeBSD, > for example current already uses the version 2.8.2.2. Why not at least > debian stable places in the version 2.4, I have problems to update the > rules with the oinkmaster > Yo

Snort (debian (etch) always ago)

2008-10-27 Thread Márcio Luciano Donada
Hi list, Because debian (etch) while still maintaining version 2.3.3. FreeBSD, for example current already uses the version 2.8.2.2. Why not at least debian stable places in the version 2.4, I have problems to update the rules with the oinkmaster thnx. -- Márcio Luciano Donada Aurora Alimentos

Re: Libcap problem in Snort installation

2006-09-07 Thread Wulfy
Alejandro wrote: Dear all, I have a Debian Etch system. After I download the Snort 2.6 tarball and I do tar -xzvf, I execute "./configure --with-mysql" and I get this error message: ERROR! Libpcap library/headers not found, go get it from http://www.tcpdump.org or use the --wi

Libcap problem in Snort installation

2006-09-07 Thread Alejandro
Dear all, I have a Debian Etch system. After I download the Snort 2.6 tarball and I do tar -xzvf, I execute "./configure --with-mysql" and I get this error message: ERROR! Libpcap library/headers not found, go get it from http://www.tcpdump.org or use the --with-libpcap-* optio

Re: Debian snort package

2006-04-27 Thread Roberto C. Sanchez
Mario de Frutos Dieguez wrote: Hi everyone! is there any option to give prelude support to debian snort package? I don't understand your question. Please clarify. Thank you! - -- ** FUNDACIÓN C

Debian snort package

2006-04-27 Thread Mario de Frutos Dieguez
Hi everyone! is there any option to give prelude support to debian snort package? Thank you! -- ** FUNDACIÓN CARTIF MARIO DE FRUTOS DIEGUEZ - Email: [EMAIL

Re: Fwd: [Snort-users] Debian, Snort, Barnyard, BASE, & Oinkmaster Step-by-Step Guide

2006-04-20 Thread Kevin Mark
On Thu, Apr 20, 2006 at 05:56:07PM -0400, Andy Firman wrote: > > > Hi, > > Recently I wrote a very detailed Snort setup guide based > on Debian and posted to the snort-users list. I thought > it would be nice to post this to the debian-users list > so others can bui

Fwd: [Snort-users] Debian, Snort, Barnyard, BASE, & Oinkmaster Step-by-Step Guide

2006-04-20 Thread Andy Firman
Hi, Recently I wrote a very detailed Snort setup guide based on Debian and posted to the snort-users list. I thought it would be nice to post this to the debian-users list so others can build their own IDS systems based on Debian. The latest guide is here: http://snort.org/docs/setup_guides

Re: snort: dropping packages from skype

2006-03-24 Thread Scott
d me that there > is some kindda dynamic ports for each call done by the skype. > I've heard that snort should solve this problem. If so, can somebody > let me know how? Would it have any article about this problem? How are your users able to install software to begin with? Curiously, -

snort: dropping packages from skype

2006-03-21 Thread Romulo Sousa
I've heard that snort should solve this problem. If so, can somebody let me know how? Would it have any article about this problem? Best regards, Romulo Sousa

Re: snort question

2006-03-09 Thread Bryan Donlan
On 3/4/06, Jude DaShiell <[EMAIL PROTECTED]> wrote: > It appears oinkmaster may not be useable. Running it to download new > rules fails with an error 404 in the wget-log file. That or perhaps it's > necessary to give it a specific rules file to download may be necessa

snort question

2006-03-04 Thread Jude DaShiell
It appears oinkmaster may not be useable. Running it to download new rules fails with an error 404 in the wget-log file. That or perhaps it's necessary to give it a specific rules file to download may be necessary.

Interpreting Snort results

2006-02-11 Thread John Halton
I've installed Snort on my Debian desktop (as recommended on the Debian security advice page) but am not sure how to interpret the emails it is sending through. Here's a typical morning email - does this look like anything to worry about? (I'm already running the Firestarter

sendmail triggers "portsweep" in snort?

2005-09-22 Thread Erik Dörnbach
Hello list, just installed snort out of curiosity on my network with the plain debian default rules. In the reports generated I found one of my sendmail servers doing portsweeps to remote addresses. Upon further investigation I found out that the destination of each occurred portsweep

updating snort rules

2005-08-19 Thread Kretzer, Jason R (Big Sandy)
Hello all, Just installed snort along with "snort-rules-default". Is there a "debian" way of keeping the rules up to date? Thanks, -Jason

Re: Snort Messages may not be Telling Me Much.

2004-12-07 Thread André Carezia
Martin wrote: > I've got snort installed and running on Debian3.0. It runs > fine but I never get any thing in the report Emails that I receive > each day. You should upgrade to Snort 2.x, so you can get signatures updates. Snort is not really useful without recent sign

Re: Snort Messages may not be Telling Me Much.

2004-12-04 Thread Martin McCormick
David Mandelberg writes: >I'm having the same problem. From what I hear, a solution has something >to do with acidlab, but I'm not sure. Thanks. I have another Linux system at work running the same version and I noticed it also has the same problem. Martin McCormick

Re: Snort Messages may not be Telling Me Much.

2004-12-04 Thread David Mandelberg
I'm having the same problem. From what I hear, a solution has something to do with acidlab, but I'm not sure. Martin McCormick wrote: > I've got snort installed and running on Debian3.0. It runs > fine but I never get any thing in the report Emails that I receive >

Snort Messages may not be Telling Me Much.

2004-12-03 Thread Martin McCormick
I've got snort installed and running on Debian3.0. It runs fine but I never get any thing in the report Emails that I receive each day. The messages have a suspiciously empty look to them like a form that should be filled in but isn't. I have run snort in the past in a fully

RE: snort logging in mysql on Debian!

2004-11-21 Thread NabilM
It's a bug in 'dpkg-reconfigure snort-mysql' for woody. I installed Sarge and its works in it. Thanks for the help. -Nabil. -Original Message- From: Mike Mestnik [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 17, 2004 5:58 PM To: Nabil MALIK / KTEFH - OTAS; [

Re: snort logging in mysql on Debian!

2004-11-17 Thread Mike Mestnik
--- [EMAIL PROTECTED] wrote: > > Fellows, > > Can you guide me or point me to some document(s) that would allow me to /usr/share/doc// http://localhost/doc/ > setup snort/acid on Debian. I am especially interested on running snort > and acid (apache/mysql etc) on the same

snort logging in mysql on Debian!

2004-11-17 Thread NabilM
Fellows, Can you guide me or point me to some document(s) that would allow me to setup snort/acid on Debian. I am especially interested on running snort and acid (apache/mysql etc) on the same machine. If you have time, here is the problem that I am facing... I am not able to log into mysql. I

NFS file copy vs. snort ???

2004-09-05 Thread Michael D Schleif
One of my main systems is connected to several NFS v3 servers; and, this box also runs snort. Copies, like the following examples, are excruciatingly slo-o-o-o-w-w-w, especially when the file is large (e.g., 250 MiB.) cp -a /remote/tmp/* . cp -a * /remote/tmp/ By `slow', I

Re: Snort default config ?

2004-08-26 Thread Tim Kelley
On Thu, Aug 26, 2004 at 10:27:33AM -0500, Lance Hoffmeyer wrote: > Installed snort the other day and I am getting daily reports > from the default setup. I did nothing but install. > > So, is there anything I should/need do to this default config > for simple monitoring or/and

Snort default config ?

2004-08-26 Thread Lance Hoffmeyer
Installed snort the other day and I am getting daily reports from the default setup. I did nothing but install. So, is there anything I should/need do to this default config for simple monitoring or/and a bit of added security or is the default config adequate? I know this is a loaded

Stateful packet capture with tcpdump or snort

2004-08-14 Thread Bill Moseley
f the SMTP connection -- one issues HELO and the other says "No, you can't say "DATA" at this point. So, first what I'd like is to capture ALL packets in a given SMTP session (well ones with a payload -- flags AP in snort) ONLY when the session is initiated by one of the MTAs.

interpreting output of SNORT

2004-07-31 Thread Shawn Lamson
Hello Can someone please take a look at my latest snort report and advise me on a course of action I cleaned a SuckIT rootkit off of my system the other day (I think I got infected last Sunday). Does the snort log indicate attempts at another hack, or that I still have a problem on my box

Problems with SNORT

2004-05-03 Thread Jean-Paul Lacharme
Hi all I have been using snort for months, but configuring the new release 2.1.1.1-1 (with Sage) gave the following error in my /var/log/daemon file : FATAL ERROR unknown preprocessor " ]^\^H_decode" after lot of tests, I ended to uninstall all the packages (snort, snort-common, s

Re: iptables and snort

2004-03-19 Thread Kenneth Macdoald Karlsen
On Thu, 2004-03-18 at 22:36, Col @ Home wrote: > Hi, > > Am trying to set up a firewall on a Debian linux machine using > iptables. New > to linux, can anybody point me in the direction of > a good guide to configuring a firewall using iptables? > > I also want to get

Re: iptables and snort

2004-03-18 Thread J.A. de Vries
On Thu, 18 Mar 2004, Col @ Home wrote: > Am trying to set up a firewall on a Debian linux machine using > iptables. New to linux, can anybody point me in the direction of a > good guide to configuring a firewall using iptables? If you want to know how to build your own ruleset and how to install

Re: iptables and snort

2004-03-18 Thread Katipo
Benedict Verheyen wrote: - Original Message - From: Col @ Home To: [EMAIL PROTECTED] Sent: Thursday, March 18, 2004 10:36 PM Subject: iptables and snort Hi, Am trying to set up a firewall on a Debian linux machine using iptables. New to linux, can anybody point me in the direction of a

Re: iptables and snort

2004-03-18 Thread Benedict Verheyen
>- Original Message - >From: Col @ Home >To: [EMAIL PROTECTED] >Sent: Thursday, March 18, 2004 10:36 PM >Subject: iptables and snort > > >Hi, > >Am trying to set up a firewall on a Debian linux machine using iptables. New >to linux, can anybody point me in

Re: iptables and snort

2004-03-18 Thread Brian Brazil
/usr/share/doc/iptables IIRC. should be on tldp.org also. > I also want to get snort and acidlab going. Any help on that would be > appreciated as well. I've tried snort. apt-get install snort worked fine for me. Don't know any more. Ethereal is another option. My knowledge is as for snor

iptables and snort

2004-03-18 Thread Col @ Home
Hi, Am trying to set up a firewall on a Debian linux machine using iptables. New to linux, can anybody point me in the direction of a good guide to configuring a firewall using iptables? I also want to get snort and acidlab going. Any help on that would be appreciated as well. I am a bit paranoid

Re: snort

2004-03-08 Thread Nejc Novak
Hi! I've figured out the problem. There is a script in cron.daily called 5snort and it searches /var/log/auth.log for snort reports, not /var/log/snort/sth. Therefore you need to have snort configured to send alert messages also to syslog. You have to edit /etc/init.d/snort and add an '

Re: snort

2004-03-08 Thread Joost De Cock
On Monday 08 March 2004 13:27, Nejc Novak shoved this in my mailbox: > Hi! > > I have installed snort on debian stable. Snort sends me e-mail report, but > it is empty. I believe it has sth to do with logrotate, but i don't know > how to fix it. Help please. Check in your cro

snort

2004-03-08 Thread Nejc Novak
Hi! I have installed snort on debian stable. Snort sends me e-mail report, but it is empty. I believe it has sth to do with logrotate, but i don't know how to fix it. Help please. Thanks..

snort install script snafu

2003-08-20 Thread paul
Hi. I'm setting up a Woody box, getting the following errors on configuration of the snort package. The debian bug tracker doesn't show this issue, but lists enough other bugs that I'm wondering whether to bother. Any advice appreciated. Setting up snort (1.8.4beta1-3) ... Barew

Re: snort on router - risks?

2003-08-19 Thread Marcus Schopen
Jeffrey L. Taylor wrote: Quoting Marcus Schopen <[EMAIL PROTECTED]>: Hi, on my DSL-router (masquerading) at home I'd like to install snort to see who attacks me from the internet side. I know that one should install snort on a separate hosts before and behind the firewall to g

Re: snort on router - risks?

2003-08-18 Thread Marcus Schopen
Jeffrey L. Taylor wrote: Quoting Marcus Schopen <[EMAIL PROTECTED]>: Hi, on my DSL-router (masquerading) at home I'd like to install snort to see who attacks me from the internet side. I know that one should install snort on a separate hosts before and behind the firewall to g

Re: snort on router - risks?

2003-08-18 Thread Jeffrey L. Taylor
Quoting Marcus Schopen <[EMAIL PROTECTED]>: > Hi, > > on my DSL-router (masquerading) at home I'd like to install snort to see > who attacks me from the internet side. I know that one should install > snort on a separate hosts before and behind the firewall to get the

snort on router - risks?

2003-08-18 Thread Marcus Schopen
Hi, on my DSL-router (masquerading) at home I'd like to install snort to see who attacks me from the internet side. I know that one should install snort on a separate hosts before and behind the firewall to get the best results, but this is just my little "home net" and I don

snort - ip in report don't appear in log

2003-08-16 Thread Micha Feigin
I get a daily report from snort which claims all sort of ICMP Destination Unreachable (Communication Administratively Prohibited) and (spp_portscan2) Portscan detected from 132.66.40.250: 21 targets 21 ports in 1 seconds The IPs appearing in this report don't appear in any of the /var/log/{mes

Re: cannot start snort ???

2003-06-11 Thread Michael D. Schleif
Also sprach Jeffrey L. Taylor (Wed 11 Jun 02003 at 11:18:10AM -0500): > Quoting Michael D. Schleif <[EMAIL PROTECTED]>: > [snip] > > However, I *cannot* start snort! It is not running and I do not know > > how to debug this one. > > > > What do you think?

Re: cannot start snort ???

2003-06-11 Thread Jeffrey L. Taylor
Quoting Michael D. Schleif <[EMAIL PROTECTED]>: [snip] > However, I *cannot* start snort! It is not running and I do not know > how to debug this one. > > What do you think? > First check the syslogs for any errors. Some will get logged, some will just quietly kill Sn

cannot start snort ???

2003-06-11 Thread Michael D. Schleif
I just upgraded snort the other day: # sudo snort -V -*> Snort! <*- Version 2.0.0 (Build 72) By Martin Roesch ([EMAIL PROTECTED], www.snort.org) It appeared to startup OK; but, I never got any log activity nor daily report. So, I checked: ps aux

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread nate
Shri Shrikumar said: > Thanks nate. Is there a site which lists these things in more detail so I > know if the ones that show up are safe or not. http://www.whitehats.com/ids/ is the only one I know of nate

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread Carla Schroder
On Saturday 08 March 2003 8:40 am, Shri Shrikumar wrote: > Re: snort log has a bunch of different attacks - should I be worried > From: Shri Shrikumar <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > > On Sat, 2003-03-08 at 15:54, nate wrote: > > Shri Shrikumar said: >

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread Shri Shrikumar
On Sat, 2003-03-08 at 15:54, nate wrote: > Shri Shrikumar said: > > Hello, > > > > I have been running a server for a few months now for a hobby site and had > > installed snort. I have reports of a whole range of attacks on the server > > IP including >

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread nate
Shri Shrikumar said: > Hello, > > I have been running a server for a few months now for a hobby site and had > installed snort. I have reports of a whole range of attacks on the server > IP including in default configuration snort will detect about 97-99% false positives as fa

snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread Shri Shrikumar
Hello, I have been running a server for a few months now for a hobby site and had installed snort. I have reports of a whole range of attacks on the server IP including The distribution of attack methods === # of %attacks method

Snort question: snort.debian.conf and snort.conf's home_net

2003-03-04 Thread calyth
I was going to set up snort on the firewall that I'm using, but I was a bit dumbfounded by the fact that dpkg seems to make a config file called snort.debian.conf that has a home_net and snort.conf has its own home_net. My question is, should I set the home_net both to the exter

Snort installation

2003-02-12 Thread Jacob S .
I've been working on installing and setting up snort-mysql on a server tonight, and noticed that the default apt-get installation leaves snort unable to run. It appears that when I did a chmod o-rwx /etc/snort/snort.conf it made it so that snort couldn't read its own config f

RE: Upgrade to Snort 1.9.0

2003-01-05 Thread Stefan Drees
fakeroot > $ cd .../src > $ apt-get source snort > $ cd snort-1.9.0 > $ debuild > > That will create a package in .../src, which you can then install: > > # dpkg -i .../src/snort_1.9.0*deb > > -- > Oliver Elphick > [EMAIL PROTECT

Re: Upgrade to Snort 1.9.0

2003-01-03 Thread Oliver Elphick
On Fri, 2003-01-03 at 18:55, Oliver Elphick wrote: > If you don't want to pull in the dependencies, you will have to build it > from source, something like this: > > # apt-get devscripts fakeroot I forgot to mention that this needs a source entry for unstable in /etc/apt/sources.list, such as: d

Re: Upgrade to Snort 1.9.0

2003-01-03 Thread Jeff
Stefan Drees, 2003-Jan-03 19:29 +0100: > Hello, > i´m working with debian since three months (coming from suse) and its great. > But now i need to upgrade snort 1.8.7 (from testing) to 1.9.0 because there > are no more rule files for 1.8.X. > > So i have looked in unstable and

Re: Upgrade to Snort 1.9.0

2003-01-03 Thread Oliver Elphick
On Fri, 2003-01-03 at 18:29, Stefan Drees wrote: > Hello, > im working with debian since three months (coming from suse) and its great. > But now i need to upgrade snort 1.8.7 (from testing) to 1.9.0 because there > are no more rule files for 1.8.X. > > So i have looked in unst

Upgrade to Snort 1.9.0

2003-01-03 Thread Stefan Drees
Hello, i´m working with debian since three months (coming from suse) and its great. But now i need to upgrade snort 1.8.7 (from testing) to 1.9.0 because there are no more rule files for 1.8.X. So i have looked in unstable and found out, that i must upgrade to libpcap 0.7, libc6-2.2.5-13 and

Re: Snort Remove errors

2002-12-24 Thread Colin Watson
On Tue, Dec 24, 2002 at 01:09:51PM -0700, Dana J. Laude wrote: > Removing snort ... > /etc/init.d/snort: var: command not found > dpkg: error processing snort (--remove): > subprocess pre-removal script returned error exit status 127 Please file a bug report about this. Cheers

Re: Snort Remove errors

2002-12-24 Thread nate
Dana J. Laude said: > Greetings everyone. > > I'm having trouble removing the snort package. Here's the info: > /etc/init.d/snort: var: command not found I would reinstall it and remove it again. if that error comes up check out that script for any occurrences of 'var

Snort Remove errors

2002-12-24 Thread Dana J. Laude
Greetings everyone. I'm having trouble removing the snort package. Here's the info: --- Building Dependency Tree... Done The following packages will be REMOVED: snort snort-common snort-rules-default 0 packages upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 1 packages

Snort+PostgreSQL won't work?

2002-10-29 Thread Roman Joost
I tried to play a little bit with snort and postgres, but i can't get them to work. I installed snort-pgsql and created the tables as described in the little howto: http://www.kellys.net/snort/. After a restart of the snort system, it fails to output the data to the database: Oct 29 16:

Snort: TCP CHECKSUM CHANGED ON RETRANSMISSION

2002-10-13 Thread Balazs Javor
Hi, My Snort logs often contain the message indicated in the subject. I have a NAT setup to connect my home network to the DSL line. Does this message mean that there is a problem somewhere or is it a side effect of the NAT setup? Many thanks for your help in advance! regards, Balazs

Woody Snort alerts records portscans but not in portscan.log

2002-10-09 Thread Hanasaki JiJi
Any thoughts on why portscans are showing up in the alert log but not the portscan log? Thanks. -- = http://www.sun.com/service/sunps/jdc/javacenter.pdf= =www.sun.com | www.javasoft.com | http://wwws.sun.com/

Snort Installation

2002-10-09 Thread mjirari
Hi, I got the acid main page but got problems - I created my database snortdb - Executed the installation script found in /usr/doc/snort-mysql/contrib/create_mysql - Installed Acid but when i select some links i have this Query execution error: Unknown column 'ip_src0' in

Re: Snort on Debian - no alerts? no reports?

2002-06-24 Thread Juergen Fiedler
On Mon, 2002-06-24 at 07:53, T. wrote: > Hi, > > Debian Unstable > snort: > Installed: 1.8.6-3 > Candidate: 1.8.6-3 > > I have installed snort and I'm getting no email alerts, and the daily > reports are blank. The version of snort-stat that is packaged wit

Snort on Debian - no alerts? no reports?

2002-06-24 Thread T .
Hi, Debian Unstable snort: Installed: 1.8.6-3 Candidate: 1.8.6-3 I have installed snort and I'm getting no email alerts, and the daily reports are blank. Once a day I get an email report from snort which is basically blank, here is the top part of it: Subject: snort daily report Th

Blank messages from root (sent by snort)

2002-06-03 Thread jennyw
I keep getting blank messages sent from root ... I did a little digging around and found out that these are sent by /etc/cron.daily/5snort. I think this is debian specific, since it gets my e-mail address from /etc/snort/snort.debian.conf. The variable is DEBIAN_SNORT_STATS_RCPT, and the

snort-mysql and xml output

2002-05-14 Thread Juergen Fiedler
Hi, I have a Woody system with snort-mysql 1.8.4beta1-2 installed. My snort.conf contains (among others) the following lines: === output alert_fast: alert output xml: alert, file=/perl/snort.pl protocol=http host=localhost port=80 === I can call http://localhost/perl/snort.pl and OK

snort problems

2002-04-13 Thread Bostjan Muller
Hi! I have been using snort for a while now, and I noticed, that it does not send the daily status mails any more. All I get is an empty email - just the headers without the content. Also snort is really paranoid, it lists every single thing - too paranoid in my opinion. Is there a way to stop it
