From: Kaushal S. <kau...@gm...> - 2010-04-01 16:55:07
Hi,

I am testing snort on ossim. I have added a basic rule under /etc/snort/rules/local.rules and restarted the snort daemon server.

alert icmp any any -> 192.168.1.1 any (sid:1000000; rev:1; msg: "Oh snap it's a ping";)

From the client host I did ping 192.168.1.1 but I could not see any events or alerts under snort logs. Also, on the OSSIM Admin web interface I could not see any events.

Under /var/log/snort/ I don't see anything:

-rw-r----- 1 snort adm 0 2010-03-17 19:38 snort_eth1.1268879936
-rw-r----- 1 snort adm 0 2010-03-18 00:33 snort_eth1.1268897623
-rw-r----- 1 snort adm 0 2010-03-18 00:35 snort_eth1.1268897717
-rw-r----- 1 snort adm 0 2010-03-23 00:46 snort_eth1.1269330408
-rw-r----- 1 snort adm 0 2010-03-23 04:32 snort_eth1.1269343945
-rw-r----- 1 snort adm 0 2010-03-23 04:38 snort_eth1.1269344305
-rw-r----- 1 snort adm 0 2010-03-23 04:42 snort_eth1.1269344567
-rw-r----- 1 snort adm 0 2010-03-24 00:42 snort_eth1.1269416522
-rw-r----- 1 snort adm 0 2010-04-01 08:47 snort_eth1.1270136823

Please suggest/guide.

Thanks and Regards,
Kaushal