Snort Forums Archive
Snort, Prelude, Prewikka alerting problem
Posted by ballsy12 on January 29, 2008 10:15:50
We're having a problem with our installation of snort, prelude and prewikka.
We have two machines, both using OpenBSD 4.2. One is set up as a server with prelude-manager and prewikka on it, the other is set up as the sensor with snort and prelude on it. We are using all the latest ports on the OpenBSD ports site.
Now what is happening is that the snort sensor is up and running, we scan the system with nmap, and the alerts all show up when we check the server with prewikka. However, any other scans that happen after the first do not show up on prewikka. Usually we do an Xmas scan followed by a UDP scan, or another Xmas scan.
Once we shut down snort on the sensor computer and check prewikka again, all the alerts from the secondary scans show up.
We've tried running in Daemon mode, but it hangs with a sleep_wait error unless we do something like: snort -c /etc/snort/snort.conf -D > /dev/null &. We've tried it with snort in the foreground with snort -c /etc/snort.conf. Both of these have the same alert problems with prewikka.
Any help would be greatly appreciated. Thanks for your time.

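One check worth running before touching the prelude side: find out whether the sensor is generating the later alerts but failing to deliver them, or not detecting the later scans at all. If snort.conf also carries an `output alert_fast` line next to the prelude output, the sensor keeps a local text log that can be compared against what Prewikka displayed. The script below is an added example, not code from this thread or from the Snort or Prelude projects: it parses alert_fast lines, splits them into scans by time gap, and lists alerts the manager never showed. The sample log lines, signature IDs and messages, addresses, timestamps and the manager-side tuples are all constructed for illustration, and the 60-second gap used to separate one nmap run from the next is an assumption.

```python
"""Sensor-vs-manager alert check for a Snort -> prelude-manager pipeline.

Parses Snort's alert_fast output on the sensor, splits alerts into scans by
time gap, and reports which alerts never reached the manager.
Added example, not code from the original thread; SIDs, messages,
addresses and timestamps below are constructed for illustration.
"""
import re
from datetime import datetime

# One alert_fast line looks like (Snort writes no year in the timestamp):
# 01/29-10:15:50.100000  [**] [1:1228:7] SCAN nmap XMAS [**] [Classification: ...] [Priority: 2] {TCP} A:p -> B:q
ALERT_FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sensor-side log: three nmap runs (xmas, xmas, udp) minutes apart,
# plus one junk line to show that non-alert lines are skipped.
SENSOR_LOG = """\
01/29-10:15:50.100000  [**] [1:1228:7] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43210 -> 10.0.0.10:22
01/29-10:15:50.200000  [**] [1:1228:7] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43211 -> 10.0.0.10:80
01/29-10:20:12.000000  [**] [1:1228:7] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43300 -> 10.0.0.10:22
01/29-10:25:03.500000  [**] [1:9999:1] SCAN UDP probe (constructed) [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.5:51000 -> 10.0.0.10:161
not an alert line, should be skipped
"""

# Constructed manager-side view: the (timestamp, sid, src, dst) tuples that
# Prewikka actually displayed, i.e. only the first scan's alerts.
MANAGER_SEEN = {
    ("01/29-10:15:50.100000", 1228, "10.0.0.5:43210", "10.0.0.10:22"),
    ("01/29-10:15:50.200000", 1228, "10.0.0.5:43211", "10.0.0.10:80"),
}


def parse_alert_fast(lines, year=2008):
    """Return a list of alert dicts sorted by time; non-matching lines are ignored."""
    alerts = []
    for line in lines:
        m = ALERT_FAST_RE.match(line)
        if not m:
            continue
        a = m.groupdict()
        a["sid"] = int(a["sid"])
        # alert_fast timestamps carry no year; supply one so they sort and subtract.
        a["when"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        alerts.append(a)
    alerts.sort(key=lambda a: a["when"])
    return alerts


def split_into_scans(alerts, gap_seconds=60):
    """Group sorted alerts into scans: a gap longer than gap_seconds starts a new one."""
    scans = []
    for a in alerts:
        if scans and (a["when"] - scans[-1][-1]["when"]).total_seconds() <= gap_seconds:
            scans[-1].append(a)
        else:
            scans.append([a])
    return scans


def alert_key(a):
    """Identity of an alert as it can be matched against the manager's view."""
    return (a["ts"], a["sid"], a["src"], a["dst"])


def undelivered(alerts, seen_on_manager):
    """Alerts the sensor logged that the manager never showed."""
    return [a for a in alerts if alert_key(a) not in seen_on_manager]


def report(alerts, seen_on_manager, gap_seconds=60):
    """Per-scan summary: (first timestamp, alerts logged, alerts missing on manager)."""
    rows = []
    for scan in split_into_scans(alerts, gap_seconds):
        missing = undelivered(scan, seen_on_manager)
        rows.append((scan[0]["ts"], len(scan), len(missing)))
    return rows


if __name__ == "__main__":
    for ts, logged, missing in report(parse_alert_fast(SENSOR_LOG.splitlines()), MANAGER_SEEN):
        status = "ok" if missing == 0 else "NOT DELIVERED"
        print(f"scan starting {ts}: {logged} logged, {missing} missing on manager  [{status}]")
```

Run it against the real alert file after each scan. If the sensor log keeps growing while the manager view stays at the first scan, the later alerts are being detected and the fault lies between snort's prelude output and prelude-manager; if the sensor log itself stops growing, detection is the problem and prelude is not involved.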
Posted by ballsy12 on January 29, 2008 11:49:22
sorry for the double post