I'm using snort in my ubuntu 14.04 virtual machine. This is how I installed snort.
sudo apt-get update
sudo apt-get install snort
I haven't changed /etc/snort/snort.conf or the rules files. They remain at the defaults, and I did the PCAP reading using the following command.
sudo /usr/sbin/snort -d -l /var/log/snort -c /etc/snort/snort.conf -r /home/navarathna/Downloads/cap2.pcap
The PCAP file is successfully read and a snort.log file is created, but the size of that file is 0 bytes. When I installed snort, there was no alert file in the /var/log/snort directory. So I created one and gave ownership to the snort user as follows.
sudo chown snort.snort alert
After the PCAP reading, both the snort.log and alert files have no content (although the snort.log modified date changes to the last read date and time). Their sizes are 0 bytes. What am I doing wrong here? Do I need to make some additional changes to the rules/snort.conf files?
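An added diagnostic, not part of the original post: before blaming the PCAP, check how many rules the Snort 2 snort.conf actually loads through its uncommented "include $RULE_PATH/..." lines, since a config that loads zero rules produces empty alert and snort.log files no matter what traffic is replayed. The function names and the sample config below are my own constructions.

```shell
#!/bin/sh
# Added example, not from the original post. Counts the rule lines
# (alert/log/pass/drop/reject/sdrop) a Snort 2 snort.conf reaches via
# uncommented "include $RULE_PATH/x.rules" lines. Zero means no alert
# can ever fire, which is one explanation for 0-byte alert/snort.log files.

# count_active_rules CONF  -> prints the number of loadable rule lines
count_active_rules() {
    conf="$1"
    conf_dir=$(dirname "$conf")
    # "var RULE_PATH rules" style line; a relative path resolves against the conf dir
    rule_path=$(awk '$1=="var" && $2=="RULE_PATH" {print $3; exit}' "$conf")
    case "$rule_path" in
        /*) ;;
        *)  rule_path="$conf_dir/$rule_path" ;;
    esac
    total=0
    # a commented line has "#" as its first field, so only live includes match
    for inc in $(awk '$1=="include" {print $2}' "$conf"); do
        file=$(printf '%s' "$inc" | sed "s|[\$]RULE_PATH|$rule_path|")
        [ -f "$file" ] || continue   # Snort itself would fail on a missing file
        n=$(awk '$1 ~ /^(alert|log|pass|drop|reject|sdrop)$/ {c++} END {print c+0}' "$file")
        total=$((total + n))
    done
    echo "$total"
}

# Constructed sample that mirrors the symptom: one include live, one commented out,
# and one rule inside the live file commented out. Prints the temp directory.
make_sample_conf() {
    dir=$(mktemp -d)
    mkdir "$dir/rules"
    cat > "$dir/snort.conf" <<'EOF'
var RULE_PATH rules
include $RULE_PATH/local.rules
# include $RULE_PATH/web.rules
EOF
    cat > "$dir/rules/local.rules" <<'EOF'
# alert icmp any any -> any any (msg:"commented out"; sid:1000001;)
alert icmp any any -> any any (msg:"ICMP test"; sid:1000002; rev:1;)
EOF
    printf 'alert tcp any any -> any 80 (msg:"web"; sid:1000003;)\n' > "$dir/rules/web.rules"
    echo "$dir"
}
```

Run it as `count_active_rules /etc/snort/snort.conf` on the box from the question; if the count is above zero, rerunning Snort with `-A console -q` against the PCAP shows on the terminal whether any rule matches at all, separating "nothing matched" from a logging problem.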