Señores estoy tratando de hacer jalar snort en su ultima version para X64 , lo he configurado siguiendo un howto del mero site snort.org , a la hora de ver registros o de intentos de sospechas con base la aplicacion web no muestra nada , ejecuto el comando desde el terminal snort -c /etc/snort/snort.conf pero solo muestra el trafico que esta leyendo y no ingresa nada a la bd, es mas el BASE, me muestra que hay 3 sensores pero no esta activo o no esta enviando informacion, no se que me puede saltar o que estara pasando, les agradezco cualquier colaboracion.
esto es lo que me sale cuando ejecuto el snort ule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Verifying Preprocessor Configurations! ICMP tracking disabled, no ICMP sessions allocated pcap DAQ configured to passive. Acquiring network traffic from "eth0". Reload thread starting... Reload thread started, thread 0x42090940 (9278) Decoding Ethernet WARNING: normalizations disabled because DAQ can't replace packets. database: compiled support for (mysql) database: configured to use mysql database: schema version = 107 database: host = localhost database: user = snortmen database: database name = snort database: sensor name = 2.0.0.0 database: sensor id = 1 database: data encoding = hex database: detail level = full database: ignore_bpf = no database: using the "log" facility --== Initialization Complete ==-- ,,_ -*> Snort! <*- o" )~ Version 2.9.1.2 IPv6 GRE (Build 84) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.15 <Build 18> Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4> Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4> Preprocessor Object: SF_IMAP (IPV6) Version 1.0 <Build 1> Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9> Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2 <Build 13> Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3> Preprocessor Object: SF_SIP (IPV6) Version 1.1 <Build 1> alguna idea que pueda hacer lista , x cierto felices fiestas ! -- rickygm http://gnuforever.homelinux.com -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAL_GE3Rg5wHBOxCiuDaor0cGxpzt953y=ign2ufagm4gr0b...@mail.gmail.com