Snort mailing list archives
Re: Snort is too quiet!
From: "Guillaume" <guillaume () anteria fr>
Date: Mon, 21 Jan 2002 09:34:58 +0100 (CET)
Hello all, Hope this hasn't been ask too often but my snort catch no alert at all. I installed snort 1.8.3 with ACID v0.9.6b19 and there was no error during installation. My snort box is Linux 2.4.3, located outside firewall, and I already set my adapter to promiscuous mode, still nothing happen. I simply edited a $HOME_NET variable in snort.conf file and use the default rules that came with snort itself. Any suggestion? Thank you very very much. P.S. my snort command is ./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -l /var/log/snort -i eth1 -D
Hello. The above command line looks strange : you aks snort to log alerts under /var/log/snort directory, while you seems wanting to use ACID as log viewer... And ACID does interface a MySQL DB in which snort logs, not the /var/log/snort directory... Look at what's in /var/log/snort. Is there something ? (typically: lert.log file, maybe a portscan.log one, and subdirectories named after IPs of incoming connections). I think that your command line -l option overcame what's inside your snort.conf. Try alos to run snort like this : ./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -i eth1 -D and see what happen. Regards, Guillaume [ Sent with SquirrelMail - http://www.squirrelmail.org ] _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort is too quiet! sirikanya (Jan 21)
- Re: Snort is too quiet! Guillaume (Jan 21)
- <Possible follow-ups>
- Re: Snort is too quiet! sirikanya (Jan 21)
- Re: Snort is too quiet! Guillaume (Jan 21)
- Re: Snort is too quiet! sirikanya (Jan 23)
- Re: Snort is too quiet! Guillaume (Jan 24)
- generating snort rules automatically Charles (Jan 24)
- Re: generating snort rules automatically Ryan Russell (Jan 24)
- Re: generating snort rules automatically Charles (Jan 24)
- Re: generating snort rules automatically Ryan Russell (Jan 24)
- Re: generating snort rules automatically Charles (Jan 24)
- Re: Snort is too quiet! Guillaume (Jan 24)
- Does snort only work in real time mode? Charles (Jan 24)