gpt4 book ai didi

centos - SNORT 未向控制台发出警报

转载 作者:太空宇宙 更新时间:2023-11-03 17:17:35 27 4
gpt4 key购买 nike

我试图在 CentOS 6.4 上测试 snort 2.9.4,但在控制台上看不到任何警报。我使用以下命令运行它:

snort -i eth2 -c/etc/snort/snort.conf

eth2 是连接到 span 端口的接口(interface)。如果我在界面上执行 tcpdump,我会得到很多很多数据。

我在 local.rules 中有以下规则:

alert icmp any any -> any any (msg: "ICMP Testing Rule"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg: "TCP Testing Rule"; sid:1000002; rev:1;)
alert udp any any -> any any (msg: "UDP Testing Rule"; sid:1000003; rev:1;)

当我点击“control c”时,我得到以下统计数据:

===============================================================================
Run time for packet processing was 817.54341 seconds
Snort processed 17555 packets.
Snort ran for 0 days 0 hours 13 minutes 37 seconds
Pkts/min: 1350
Pkts/sec: 21
===============================================================================
Packet I/O Totals:
Received: 17610
Analyzed: 17555 ( 99.688%)
Dropped: 55 ( 0.311%)
Filtered: 0 ( 0.000%)
Outstanding: 55 ( 0.312%)
Injected: 0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 17599 (100.000%)
VLAN: 0 ( 0.000%)
IP4: 17175 ( 97.591%)
Frag: 0 ( 0.000%)
ICMP: 16 ( 0.091%)
UDP: 794 ( 4.512%)
TCP: 16365 ( 92.988%)
IP6: 12 ( 0.068%)
IP6 Ext: 12 ( 0.068%)
IP6 Opts: 0 ( 0.000%)
Frag6: 0 ( 0.000%)
ICMP6: 12 ( 0.068%)
UDP6: 0 ( 0.000%)
TCP6: 0 ( 0.000%)
Teredo: 12 ( 0.068%)
ICMP-IP: 0 ( 0.000%)
EAPOL: 0 ( 0.000%)
IP4/IP4: 0 ( 0.000%)
IP4/IP6: 0 ( 0.000%)
IP6/IP4: 0 ( 0.000%)
IP6/IP6: 0 ( 0.000%)
GRE: 0 ( 0.000%)
GRE Eth: 0 ( 0.000%)
GRE VLAN: 0 ( 0.000%)
GRE IP4: 0 ( 0.000%)
GRE IP6: 0 ( 0.000%)
GRE IP6 Ext: 0 ( 0.000%)
GRE PPTP: 0 ( 0.000%)
GRE ARP: 0 ( 0.000%)
GRE IPX: 0 ( 0.000%)
GRE Loop: 0 ( 0.000%)
MPLS: 0 ( 0.000%)
ARP: 3 ( 0.017%)
IPX: 0 ( 0.000%)
Eth Loop: 0 ( 0.000%)
Eth Disc: 0 ( 0.000%)
IP4 Disc: 0 ( 0.000%)
IP6 Disc: 0 ( 0.000%)
TCP Disc: 0 ( 0.000%)
UDP Disc: 0 ( 0.000%)
ICMP Disc: 0 ( 0.000%)
All Discard: 0 ( 0.000%)
Other: 421 ( 2.392%)
Bad Chk Sum: 0 ( 0.000%)
Bad TTL: 0 ( 0.000%)
S5 G 1: 11 ( 0.063%)
S5 G 2: 33 ( 0.188%)
Total: 17599
===============================================================================
Action Stats:
Alerts: 4933 ( 28.030%)
Logged: 4933 ( 28.030%)
Passed: 0 ( 0.000%)
Limits:
Match: 0
Queue: 0
Log: 0
Event: 0
Alert: 261
Verdicts:
Allow: 13263 ( 75.315%)
Block: 0 ( 0.000%)
Replace: 0 ( 0.000%)
Whitelist: 4292 ( 24.373%)
Blacklist: 0 ( 0.000%)
Ignore: 0 ( 0.000%)
===============================================================================
Frag3 statistics:
Total Fragments: 0
Frags Reassembled: 0
Discards: 0
Memory Faults: 0
Timeouts: 0
Overlaps: 0
Anomalies: 0
Alerts: 0
Drops: 0
FragTrackers Added: 0
FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
Frag Nodes Inserted: 0
Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
Total sessions: 643
TCP sessions: 285
UDP sessions: 358
ICMP sessions: 0
IP sessions: 0
TCP Prunes: 0
UDP Prunes: 0
ICMP Prunes: 0
IP Prunes: 0
TCP StreamTrackers Created: 285
TCP StreamTrackers Deleted: 285
TCP Timeouts: 0
TCP Overlaps: 0
TCP Segments Queued: 7229
TCP Segments Released: 7229
TCP Rebuilt Packets: 1401
TCP Segments Used: 7068
TCP Discards: 95
TCP Gaps: 4
UDP Sessions Created: 358
UDP Sessions Deleted: 358
UDP Timeouts: 0
UDP Discards: 0
Events: 0
Internal Events: 0
TCP Port Filter
Dropped: 0
Inspected: 0
Tracked: 16321
UDP Port Filter
Dropped: 0
Inspected: 51
Tracked: 358
===============================================================================
HTTP Inspect - encodings (Note: stream-reassembled packets included):
POST methods: 8
GET methods: 238
HTTP Request Headers extracted: 261
HTTP Request Cookies extracted: 94
Post parameters extracted: 8
HTTP response Headers extracted: 251
HTTP Response Cookies extracted: 18
Unicode: 0
Double unicode: 0
Non-ASCII representable: 0
Directory traversals: 0
Extra slashes ("//"): 37
Self-referencing paths ("./"): 0
HTTP Response Gzip packets extracted: 55
Gzip Compressed Data Processed: 363978.00
Gzip Decompressed Data Processed: 1132880.00
Total packets processed: 8600
===============================================================================
SMTP Preprocessor Statistics
Total sessions : 0
Max concurrent sessions : 0
===============================================================================
dcerpc2 Preprocessor Statistics
Total sessions: 0
===============================================================================
SSL Preprocessor:
SSL packets decoded: 1159
Client Hello: 134
Server Hello: 121
Certificate: 89
Server Done: 228
Client Key Exchange: 77
Server Key Exchange: 9
Change Cipher: 214
Finished: 0
Client Application: 151
Server Application: 59
Alert: 0
Unrecognized records: 608
Completed handshakes: 0
Bad handshakes: 0
Sessions ignored: 59
Detection disabled: 0
===============================================================================
SIP Preprocessor Statistics
Total sessions: 0
===============================================================================
Snort exiting

谢谢。

最佳答案

snort.conf 文件中的警报设置是什么?我也建议运行 tail -f <path to snort alert file>在运行 snort 时,您可以看到这些警报。

关于centos - SNORT 未向控制台发出警报,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16146464/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com