Snort does not work on 1.5.061300 {bug report 1} [CLOSED]

Post by Friend7 » Mon Jun 13, 2011 3:44 pm

Hello,

Snort does not work on 1.5.061300 with my network card settings.
It fails automatic calculation.
Artica is on a VPS.

Code:
[root@ns1 ~]# php /usr/share/artica-postfix/exec.snort.php --start
Starting......: Snort Daemon building configuration...
Starting......: Snort Daemon version 2.9.0.5 ()
Starting......: Snort Daemon HOME_NET
Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!
Starting......: Snort Daemon adding rule attack-responses.rules
Starting......: Snort Daemon adding rule backdoor.rules
Starting......: Snort Daemon adding rule bad-traffic.rules
Starting......: Snort Daemon adding rule blacklist.rules
Starting......: Snort Daemon adding rule botnet-cnc.rules
Starting......: Snort Daemon adding rule chat.rules
Starting......: Snort Daemon adding rule content-replace.rules
Starting......: Snort Daemon adding rule ddos.rules
Starting......: Snort Daemon adding rule deleted.rules
Starting......: Snort Daemon adding rule dns.rules
Starting......: Snort Daemon adding rule dos.rules
Starting......: Snort Daemon adding rule experimental.rules
Starting......: Snort Daemon adding rule exploit.rules
Starting......: Snort Daemon adding rule finger.rules
Starting......: Snort Daemon adding rule ftp.rules
Starting......: Snort Daemon adding rule icmp-info.rules
Starting......: Snort Daemon adding rule icmp.rules
Starting......: Snort Daemon adding rule imap.rules
Starting......: Snort Daemon adding rule info.rules
Starting......: Snort Daemon adding rule local.rules
Starting......: Snort Daemon adding rule misc.rules
Starting......: Snort Daemon adding rule multimedia.rules
Starting......: Snort Daemon adding rule mysql.rules
Starting......: Snort Daemon adding rule netbios.rules
Starting......: Snort Daemon adding rule nntp.rules
Starting......: Snort Daemon adding rule oracle.rules
Starting......: Snort Daemon adding rule other-ids.rules
Starting......: Snort Daemon adding rule p2p.rules
Starting......: Snort Daemon adding rule phishing-spam.rules
Starting......: Snort Daemon adding rule policy.rules
Starting......: Snort Daemon adding rule pop2.rules
Starting......: Snort Daemon adding rule pop3.rules
Starting......: Snort Daemon adding rule rpc.rules
Starting......: Snort Daemon adding rule rservices.rules
Starting......: Snort Daemon adding rule scada.rules
Starting......: Snort Daemon adding rule scan.rules
Starting......: Snort Daemon adding rule shellcode.rules
Starting......: Snort Daemon adding rule smtp.rules
Starting......: Snort Daemon adding rule snmp.rules
Starting......: Snort Daemon adding rule specific-threats.rules
Starting......: Snort Daemon adding rule spyware-put.rules
Starting......: Snort Daemon adding rule sql.rules
Starting......: Snort Daemon adding rule telnet.rules
Starting......: Snort Daemon adding rule tftp.rules
Starting......: Snort Daemon adding rule virus.rules
Starting......: Snort Daemon adding rule voip.rules
Starting......: Snort Daemon adding rule web-activex.rules
Starting......: Snort Daemon adding rule web-attacks.rules
Starting......: Snort Daemon adding rule web-cgi.rules
Starting......: Snort Daemon adding rule web-client.rules
Starting......: Snort Daemon adding rule web-coldfusion.rules
Starting......: Snort Daemon adding rule web-frontpage.rules
Starting......: Snort Daemon adding rule web-iis.rules
Starting......: Snort Daemon adding rule web-misc.rules
Starting......: Snort Daemon adding rule web-php.rules
Starting......: Snort Daemon adding rule x11.rules
Starting......: Snort Daemon Testing configuration....
Starting......: Snort Daemon testing config success
Starting......: Snort Daemon building configuration done...
Starting......: Snort Daemon for Interface "venet0"...
Starting......: Snort Daemon for Interface "venet0" success PID 1747
[root@ns1 ~]#




Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Snort does not work on 1.5.061300 {bug report 1} [OPEN]

Post by admin » Mon Jun 13, 2011 6:56 pm

Go into the parameters section; you should have 2 tables filled. If not, upgrade to the latest nightly and add at least one network.
admin
Site Admin
 
Posts: 11946
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Snort does not work on 1.5.061300 {bug report 1} [OPEN]

Post by Friend7 » Mon Jun 13, 2011 9:25 pm

It does not work yet.

I upgraded to 1.5.061319 and I did not have any table filled.

Best Regards,
Friend7
 

Re: Snort does not work on 1.5.061300 {bug report 1} [OPEN]

Post by Friend7 » Mon Jun 13, 2011 9:48 pm

If you would like to access the server, I have sent you credentials by email.
The port is open.
Best Regards,
Friend7
 

Re: Snort does not work on 1.5.061300 {bug report 1} [OPEN]

Post by admin » Mon Jun 13, 2011 11:52 pm

After investigations:
Code:
Jun 13 17:29:02 ns1 snort[17739]: Commencing packet processing (pid=17739)
Jun 13 17:29:03 ns1 snort[17739]: Can't acquire (-1) - cooked-mode frame doesn't have room for sll header!


It seems that Snort is unable to hook your network card in a Xen configuration or something like that,
especially with CentOS, which did not provide a fresh kernel !!! :evil: :evil:
http://seclists.org/snort/2011/q2/52
So your system is not compatible with Snort.
Remove it...
Topic closed...
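Added example, not part of the original thread and not Artica's or Snort's own code: the start script above reports "success PID 1747" while syslog later shows capture failing, so this sketch reads syslog lines and reports which Snort PIDs began packet processing and which then logged a "Can't acquire" error. The function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Sample syslog input: the first two lines are quoted from the thread,
# the last two are constructed for this example.
sample_log() {
cat <<'EOF'
Jun 13 17:29:02 ns1 snort[17739]: Commencing packet processing (pid=17739)
Jun 13 17:29:03 ns1 snort[17739]: Can't acquire (-1) - cooked-mode frame doesn't have room for sll header!
Jun 13 17:31:10 ns1 snort[18001]: Commencing packet processing (pid=18001)
Jun 13 17:31:40 ns1 sshd[411]: Accepted publickey for root from 192.0.2.10 port 50022 ssh2
EOF
}

# Read syslog on stdin; print "<pid> <state> [reason]" for every Snort PID seen.
# state is "capturing", "failed" (acquire error logged) or "unknown".
snort_capture_state() {
  awk '
    match($0, /snort\[[0-9]+\]: /) {
      pid = substr($0, RSTART + 6, RLENGTH - 9)   # digits between [ and ]
      msg = substr($0, RSTART + RLENGTH)          # text after "snort[pid]: "
      if (!(pid in state)) { order[++n] = pid; state[pid] = "unknown" }
      if (msg ~ /^Can.t acquire/) {
        state[pid] = "failed"; reason[pid] = msg
      } else if (msg ~ /^Commencing packet processing/ && state[pid] != "failed") {
        state[pid] = "capturing"
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        line = p " " state[p]
        if (p in reason) line = line " " reason[p]
        print line
      }
    }
  '
}

# Exit status 0 only if no Snort PID in the input hit an acquire error.
snort_capture_ok() {
  snort_capture_state | awk '$2 == "failed" { bad = 1 } END { exit bad + 0 }'
}

sample_log | snort_capture_state
```

Feeding the real syslog file to `snort_capture_ok` from a monitoring job turns a sensor that started but stopped capturing into an alertable non-zero exit status.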

