Snort mailing list archives
(no subject)
From: "Keith A. Pachulski, PPS" <netsec () ptd net>
Date: Fri, 8 Jun 2001 14:26:59 -0400
have set this up before but this is the first time on redhat I've had an issue with snort not logging alerts whatsoever..

config file

output alert_syslog: LOG_LOCAL3 LOG_INFO
var HOME_NET x.x.x.x.0/28
var DNS_SERVER x.x.x.x/32
preprocessor http_decode: 80
preprocessor minfrag: 128
preprocessor portscan: $HOME_NET 25 5 /var/log/portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVER
include /home/snort/nids/webcgi-lib
include /home/snort/nids/webcf-lib
include /home/snort/nids/webiis-lib
include /home/snort/nids/webfp-lib
include /home/snort/nids/webmisc-lib
include /home/snort/nids/overflow-lib
include /home/snort/nids/finger-lib
include /home/snort/nids/ftp-lib
include /home/snort/nids/smtp-lib
include /home/snort/nids/telnet-lib
include /home/snort/nids/misc-lib
include /home/snort/nids/netbios-lib
include /home/snort/nids/misc-lib
include /home/snort/nids/scan-lib
include /home/snort/nids/ddos-lib
include /home/snort/nids/backdoor-lib
include /home/snort/nids/ping-lib
include /home/snort/nids/rpc-lib
include /home/snort/nids/email-virus-lib

syslog conf file

#Keith =)
local3.info /var/log/systemsec

when I run snort in verbose I see all traffic on the physical and virtual interface but once I apply the rules snort goes blind.. syslog is working as I tested it, so it comes down to snort not working right

was a basic config with no special options

./configure
make

ssl and sql is running, wasn't sure how to disable ssl or sql from the snort configure