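I installed Snort from source on CentOS 5.4 (mysql, php, httpd and snort were all installed from source). After installation, opening http://ip/acid/acid_main.php shows no captured data. It displays the following:
Sensors: 0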
Unique Alerts: 0
Total Number of Alerts: 0
Source IP addresses: 0
Dest. IP addresses: 0
Unique IP links 0
Source Ports: 0
TCP ( 0) UDP ( 0)
Dest. Ports: 0
TCP ( 0) UDP ( 0)
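Everything is 0. The network segment and the NIC binding are both correct, so at the very least traffic from the local machine should be captured. I don't know why; could an expert please explain? Thanks.
First, here is my configuration file; the result of vi /etc/snort/snort.conf is as follows:
I am only posting the items I changed.
Line 26: var HOME_NET 192.168.2.0/24
Line 120: var RULE_PATH /etc/snort/rules
Line 696: output database: log, mysql, user=root password=123456 dbname=snort host=localhost
Everything else is left at the default settings.
When I run: snort -c /etc/snort/snort.conf it ends with this message: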
Initializing rule chains...
Warning: /etc/snort/rules/exploit.rules(139) => threshold (in rule) is deprecated; use detection_filter instead.
ERROR: (/etc/snort/rules/web-misc.rules)98 => Cannot use 'rawbytes' and 'http_uri' as modifiers for the same "content" nor use 'rawbytes' with "uricontent".
Fatal Error, Quitting..
There seems to be a problem, but I don't know how to fix it.
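Added example (not part of the original post and not Snort's own code): the fatal error above names a specific rule-syntax conflict, and Snort quits when it hits it. This Python script scans rules text for the two combinations the message names so the offending lines can be located; the sample rules and sids are constructed, and it assumes one rule per line.

```python
def split_options(body):
    """Split a rule's option body on ';', honouring quotes and backslash escapes."""
    opts, cur, in_quote, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not in_quote and not escaped:
            opts.append(cur.strip())
            cur = ""
            continue
        if ch == '"' and not escaped:
            in_quote = not in_quote
        escaped = (ch == "\\" and not escaped)
        cur += ch
    opts.append(cur.strip())
    return [o for o in opts if o]

def find_conflicts(rules_text):
    """Return (line_number, reason) for each rule with a combination the error names."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line or ")" not in line:
            continue
        body = line[line.index("(") + 1 : line.rindex(")")]
        kind, mods = None, set()
        for opt in split_options(body):
            name = opt.split(":", 1)[0].strip().lower()
            if name in ("content", "uricontent"):
                kind, mods = name, set()  # modifiers bind to the latest match option
            elif name in ("rawbytes", "http_uri") and kind:
                mods.add(name)
            if kind == "content" and mods >= {"rawbytes", "http_uri"}:
                hits.append((lineno, "rawbytes and http_uri on the same content"))
                break
            if kind == "uricontent" and "rawbytes" in mods:
                hits.append((lineno, "rawbytes used with uricontent"))
                break
    return hits

# Constructed sample rules (not taken from web-misc.rules); line 1 is blank.
SAMPLE = r'''
# constructed sample rules
alert tcp any any -> any 80 (msg:"ok one"; content:"/a.php"; http_uri; nocase; sid:1000001;)
alert tcp any any -> any 80 (msg:"bad; both"; content:"/b.php"; rawbytes; http_uri; sid:1000002;)
alert tcp any any -> any 80 (msg:"bad uri"; uricontent:"/c"; rawbytes; sid:1000003;)
alert tcp any any -> any 80 (msg:"ok split"; content:"x"; rawbytes; content:"/d"; http_uri; sid:1000004;)
'''

if __name__ == "__main__":
    for lineno, reason in find_conflicts(SAMPLE):
        print(f"line {lineno}: {reason}")
```

To check a real file, pass its contents instead of SAMPLE, for example find_conflicts(open("/etc/snort/rules/web-misc.rules").read()).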