Snort mailing list archives

(no subject)


From: "Keith A. Pachulski, PPS" <netsec () ptd net>
Date: Fri, 8 Jun 2001 14:26:59 -0400

I have set this up before, but this is the first time on Red Hat I've had an
issue with snort not logging alerts whatsoever.

config file

output alert_syslog: LOG_LOCAL3 LOG_INFO
var HOME_NET x.x.x.x.0/28
var DNS_SERVER x.x.x.x/32 
preprocessor http_decode: 80
preprocessor minfrag: 128
preprocessor portscan: $HOME_NET 25 5 /var/log/portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVER

include /home/snort/nids/webcgi-lib
include /home/snort/nids/webcf-lib
include /home/snort/nids/webiis-lib
include /home/snort/nids/webfp-lib
include /home/snort/nids/webmisc-lib
include /home/snort/nids/overflow-lib
include /home/snort/nids/finger-lib
include /home/snort/nids/ftp-lib
include /home/snort/nids/smtp-lib
include /home/snort/nids/telnet-lib
include /home/snort/nids/misc-lib
include /home/snort/nids/netbios-lib
include /home/snort/nids/misc-lib
include /home/snort/nids/scan-lib
include /home/snort/nids/ddos-lib
include /home/snort/nids/backdoor-lib
include /home/snort/nids/ping-lib
include /home/snort/nids/rpc-lib
include /home/snort/nids/email-virus-lib

syslog conf file

#Keith =)
local3.info             /var/log/systemsec

When I run snort in verbose I see all traffic on the physical and virtual
interface, but once I apply the rules snort goes blind.

syslog is working as I tested it, so it comes down to snort not working right.

It was a basic config with no special options:

./configure
make

SSL and SQL are running; I wasn't sure how to disable SSL or SQL from the snort configure.

