Troubleshooting Snort and MHN
Jason Trost edited this page Feb 7, 2015 · 5 revisions
When troubleshooting snort, it is helpful to collect the following:

1. Output of this command (on the snort sensor): `sudo supervisorctl status`. Is snort running?
2. Contents of /var/log/snort.log (on the snort sensor). Do you see any errors related to bad signatures, or to a failed connection or authentication to hpfeeds?
3. Contents of /opt/snort/etc/snort.conf (on the snort sensor). Take note of the hpfeeds logging section. Is the host correct? It should be your MHN server.
4. Output of this command (on the MHN Server). Do the ident and secret from your hpfeeds logging section match the auth_key for your snort sensor?

   ```
   mongo hpfeeds
   > db.auth_key.find({'publish': ['snort.alerts']})
   ```

5. Output of this command (on the MHN Server). Are there any snort records?

   ```
   mongo mnemosyne
   > db.session.find({'honeypot': 'snort'})
   ```
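
The checks on the hpfeeds logging section (steps 3 and 4) can be scripted on the sensor. The following is an added example, not part of MHN or of the original page: it reads the host and ident from snort.conf for comparison with the MHN server and the auth_key record, and prints the section with the secret masked so it can be pasted into a support request. It assumes the section is a single `output log_hpfeeds:` line of comma-separated `key value` pairs; the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example, not MHN code. ASSUMPTION: the hpfeeds logging section is one line:
#   output log_hpfeeds: host <h>, ident <i>, secret <s>, channel snort.alerts, port <p>

# Print the first active (uncommented) hpfeeds output line; fail if there is none.
hpfeeds_line() {
    grep -E '^[[:space:]]*output[[:space:]]+log_hpfeeds:' "$1" | head -n 1 | grep .
}

# Print one field (host, ident, secret, channel or port) from that line.
hpfeeds_field() {
    hpfeeds_line "$1" | sed 's/^[^:]*://' | tr ',' '\n' |
        awk -v k="$2" '$1 == k { print $2; found = 1 } END { exit !found }'
}

# Print the line with the secret masked, so it is safe to share.
hpfeeds_redacted() {
    hpfeeds_line "$1" | sed -E 's/(secret[[:space:]]+)[^,[:space:]]+/\1<redacted>/'
}

# Compare configured host and ident with the expected values.
# Returns 0 on match, 1 on mismatch, 2 if no active hpfeeds line exists.
check_hpfeeds() {
    conf=$1 want_host=$2 want_ident=$3
    hpfeeds_line "$conf" >/dev/null || { echo "no active log_hpfeeds line"; return 2; }
    status=0
    [ "$(hpfeeds_field "$conf" host)" = "$want_host" ] || { echo "host mismatch"; status=1; }
    [ "$(hpfeeds_field "$conf" ident)" = "$want_ident" ] || { echo "ident mismatch"; status=1; }
    return $status
}

# Constructed sample config; every value below is made up.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# output log_hpfeeds: host old.example.org, ident stale, secret stale, channel snort.alerts, port 10000
output log_hpfeeds: host mhn.example.org, ident sensor-01, secret s3cr3tvalue, channel snort.alerts, port 10000
EOF

hpfeeds_redacted "$SAMPLE"
check_hpfeeds "$SAMPLE" mhn.example.org sensor-01 && echo "host and ident match"
```

On a real sensor, pass /opt/snort/etc/snort.conf in place of the sample file, with the MHN server host and the ident from the auth_key query as the expected values.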