Gentlemen, I am trying to get the latest version of Snort working on CentOS 5.7 x64. I configured it following a howto for CentOS 5 from the snort.org site itself. When I go to look at the records of suspicious attempts with BASE, it shows nothing. I run the command snort -c /etc/snort/snort.conf from the terminal, but it only shows the traffic it is reading and nothing goes into the database. What's more, BASE shows me that there are 3 sensors, but it is not active or is not sending information. I don't know what I might be missing or what might be happening. I appreciate any help.
This is what I get when I run Snort:
ule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0x42090940 (9278)
Decoding Ethernet
WARNING: normalizations disabled because DAQ can't replace packets.
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database: host = localhost
database: user = snortmen
database: database name = snort
database: sensor name = 2.0.0.0
database: sensor id = 1
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "log" facility

--== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.1.2 IPv6 GRE (Build 84)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 6.6 06-Feb-2006
           Using ZLIB version: 1.2.3

Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.15 <Build 18>
Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_IMAP (IPV6) Version 1.0 <Build 1>
Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9>
Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2 <Build 13>
Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3>
Preprocessor Object: SF_SIP (IPV6) Version 1.1 <Build 1>
Regards