Clicky

i have configured SNORT using this link
 
http://it.thelibrarie.com/weblog/2010/06/installing-snort-on-ubuntu-10-04/

eth0 20.5.0.171 255.255.255.0
eth1 listening port connected to TEST Switch fa0/1

test switch config
monitor session 1 source vlan 10
monitor session 1 destination interface fa0/1

now when i am restarting snort its showing this error. plz guide me in this.

root@xss-240:~# /etc/init.d/snort restart
 * Starting Network Intrusion Detection System  snort                * /etc/snort/db-pending-config file found
 * Snort will not start as its database is not yet configured.
 * Please configure the database as described in
 * /usr/share/doc/snort-{pgsql,mysql}/README-database.Debian
 * and remove /etc/snort/db-pending-config

 

 

asked 10/20/2011 07:32

Mbhushan's gravatar image

Mbhushan ♦♦


6 Answers:
This looks like Bug 222091 which appears to have been fixed already in 2009. Please read the bug report, please ensure you have configured database access as per the mentioned document, ensure snort does not connect to the database as root but user "snort" and check if you have installed snort-2.8.4.1-3ubuntu1 or more recent?
link
unSpawn's gravatar image

unSpawn

bro how to check snort version
link
Mbhushan's gravatar image

Mbhushan

root@xss-240:~# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.5.2 (Build 121)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
link
Mbhushan's gravatar image

Mbhushan

Hi, please read the link below if you want to run snort in a production environment since snort  2.8.6.1 or older won't be supported anymore soon. You should upgrade to snort 2.9.1.1.

http://blog.snort.org/2011/10/snort-2861-eol-is-coming-soon.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Snort+%28Snort%29

thanks
link
Jelcin's gravatar image

Jelcin

If you are intrested here is a guide how to install snort 2.9.1 on Ubuntu 10.04 LTS.

http://www.snort.org/assets/158/012-snortinstallguide291.pdf


link
Jelcin's gravatar image

Jelcin

Hi Jelcin,

http://www.snort.org/assets/158/012-snortinstallguide291.pdf

Hi,
i have configured snort on ubuntu 10.0.4 according to this pdf http://www.snort.org/assets/158/012-snortinstallguide291.pdf.  here is the eth details.

-----------------------------------------------------------------------------------------------

root@xss-240:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1d:7d:22:2c:b3  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:23 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 00:03:47:df:bb:02  
          inet addr:10.5.0.171  Bcast:10.5.0.255  Mask:255.255.255.0
          inet6 addr: fe80::203:47ff:fedf:bb02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6704 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4105 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3985918 (3.9 MB)  TX bytes:959947 (959.9 KB
----------------------------------------------------------------------------------------------------

i have done step by step as it is mentioned in pdf.  while opening snort in browser i am getting this errorr

Table 'snort.event' doesn't exist

please guide me
 
snort error
snort error
 
link
Mbhushan's gravatar image

Mbhushan

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×1

Asked: 10/20/2011 07:32

Seen: 581 times

Last updated: 11/02/2011 11:08