Snort (Intrusion Detection System) FAILED

yuex · April 28, 2009 at 12:20 PM

Snort (Intrusion Detection System) not working...

/etc/init.d/snort restart FAILED

How to fix

Thanks

ffischer · April 28, 2009 at 12:31 PM Official Post

Need some more information

maybe if exist, post the Logfile /var/log/snort

greets

yuex · April 28, 2009 at 12:49 PM

/var/log/snort/snort.log.1240849907

http://rapidshare.com/files/226680475/snort.log.rar

Thank you very much

ffischer · April 28, 2009 at 12:56 PM Official Post

Cant read file correct.

Code

ÔÃ??          ê     ûÝõI&U >   >   E  >Á@ ~
?
P?,Ï~e'µzÌ? =Õð?PÿTµ_  ã   X5	1?Xz,óç?aÝÅO>üÝõIX? >   >   E  >Ý@ ~
?
P?,Ï~e'µzÌ? =ÕðþPÿ
µR  ã   O5	1?Xz,óç?aÝÅO>þÝõIh >   >   E  >)@ ~
o

please Post var/log/snort "alert" file and var/log/messages

yuex · April 28, 2009 at 1:02 PM

okey

http://rapidshare.com/files/226684683/endian.rar

ffischer · April 28, 2009 at 1:10 PM Official Post

think you have a problem with your Firewall

much entrys with

Code

Apr 28 06:19:12 firewall syslog-ng[1235]: Error opening file for writing; filename='/var/log/firewall', error='Is a directory (21)'

Check your snort Config,
uncheck all Network and try to use only "red"

what kind of firewall Appliance .. Ccommunity ? Wich version?

yuex · April 28, 2009 at 1:39 PM

Endian Firewall Community release 2.2.rc3

not working again

I am send to snort.conf

ffischer · April 28, 2009 at 1:42 PM Official Post

on wich Network you have snort enabled ?
on all.
maybe try to check if any interface do this Problem.