elhacker.net Forum

Computer Security => Hacking => Thread started by: tecasoft on 28 February 2018, 11:11 am



Title: problem with IPS (snorby, barnyard2, snort, mysql)
Posted by: tecasoft on 28 February 2018, 11:11 am
Hi everyone, I have the following problem with IPS (snorby, barnyard2, snort, mysql).

In /var/log/snort/ I have this; it looks like it is not producing any events:
Code
  -rw-r--r--  1 root  adm      0 feb 28 07:43 alert
  -rw-r--r--  1 snort snort    0 feb 28 03:01 barnyard2.waldo
  -rw-r-----  1 snort snort    0 feb 28 05:41 snort.log
  -rw-------  1 root  adm      0 feb 28 07:46 snort.log.1519800367
  -rw-------  1 root  adm      0 feb 28 07:48 snort.log.1519800516
  -rw-------  1 root  adm      0 feb 28 07:52 snort.log.1519800741
  -rw-------  1 root  adm      0 feb 28 09:32 snort.log.1519806731
  -rw-------  1 root  adm      0 feb 28 09:56 snort.log.1519808201
  -rw-------  1 snort adm      0 feb 28 10:03 snort.log.1519808582
  -rw-------  1 snort adm      0 feb 28 10:25 snort.log.1519809913
  -rw-------  1 snort adm      0 feb 28 10:27 snort.log.1519810021
  -rw-------  1 snort adm      0 feb 28 10:29 snort.log.1519810149

If I run /etc/init.d/snort restart it fails, so I run journalctl -xe and it gives me the following:
Code
  journalctl -xe
  feb 28 11:07:55 servidor1 snort[19035]: |     1 byte states : 1.02
  feb 28 11:07:55 servidor1 snort[19035]: |     2 byte states : 14.05
  feb 28 11:07:55 servidor1 snort[19035]: |     4 byte states : 0.00
  feb 28 11:07:55 servidor1 snort[19035]: +----------------------------------------------------------------
  feb 28 11:07:55 servidor1 snort[19035]: [ Number of patterns truncated to 20 bytes: 1039 ]
  feb 28 11:07:55 servidor1 snort[19035]: afpacket DAQ configured to inline.
  feb 28 11:07:55 servidor1 snort[19035]: FATAL ERROR: Can't initialize DAQ afpacket (-1) - afpacket_daq_initialize: Invalid interface specification: '
  feb 28 11:07:55 servidor1 snort[19027]: Starting Network Intrusion Detection System : snort (enp3s0 using /etc/snort/snort.conf ...ERROR: failed (che
  feb 28 11:07:55 servidor1 systemd[1]: snort.service: Control process exited, code=exited status=1
  feb 28 11:07:55 servidor1 systemd[1]: Failed to start LSB: Lightweight network intrusion detection system.
  -- Subject: Unit snort.service has failed
  -- Defined-By: systemd
  -- Support: https://www.debian.org/support
  --
  -- Unit snort.service has failed.
  --
  -- The result is failed.
  feb 28 11:07:55 servidor1 systemd[1]: snort.service: Unit entered failed state.
  feb 28 11:07:55 servidor1 systemd[1]: snort.service: Failed with result 'exit-code'.