Snort mailing list archives

SNORT newbie looking for some help with Snort on Win2k


From: Richard Roy <royr () justicetrax com>
Date: Wed, 15 May 2002 07:50:00 -0700

I set up SNORT using IDSCentre and tested the config using the applet. I
received no error messages, the SNORT window is minimized and things appear
to work, yet there are no alerts, no log entries, nothing. I know we are
under hits all the time; my firewall reports blocking them.
Setup:
W2K Pro, P3 733. On a hub with the router and the firewall's external interface. I
have 64 public IPs and I'd like to scan the range if possible. I am
including the following: from IDSCentre, the command line it fires, the
snort.conf file and the screen output from the minimized Snort window. I can't
quite figure out what is wrong. I am hoping another set of eyes will look at
this and spot the problem.

TIA for your help

Rich
PS Sorry it is a long post, but I did not want to do an attachment.

[Begin config]
[************cmd line*********]
c:\snort\Snort.exe -c "c:\snort\snort.conf" -l "c:\snort\log" -h aaa.bbb.ccc.ddd/32 -i 1 -a -b -C -d -e -O -X -I -G basic -U -y
[*NOTE, yes I blanked out my IP above.  It is a public IP*]


[***********snort.conf**************]
#--------------------------------------------------
#   http://www.activeworx.com Snort 1.8.6 Ruleset
#     IDS Policy Manager Version: 1.3 Build(31)
# Current Database Updated -- May 10, 2002 10:55 AM
#--------------------------------------------------
#
## Variables
## ---------
#var HOME_NET 10.1.1.0/24
#var HOME_NET $eth0_ADDRESS
#var HOME_NET [10.1.1.0/24,192.168.1.0/24]
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
#var RULE_PATH ./
var RULE_PATH c:\snort\rules
var SHELLCODE_PORTS !80
#var SPADEDIR .
#
## Preprocessor Support
## --------------------
preprocessor http_decode: 80 -cginull -unicode
preprocessor rpc_decode: 111 32771
preprocessor bo:
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor portscan: $HOME_NET 4 3 portscan.log
#preprocessor portscan-ignorehosts: 0.0.0.0
preprocessor frag2
preprocessor telnet_decode
#
#
## Output Modules
## --------------
#output database: log, unixodbc, dbname=snort user=snort host=localhost password=test
output CSV: log default
output log_tcpdump: snorttcp.log
#output xml: Log, file=/var/log/snortxml
output log_unified: filename snort.log, limit 128
#
#output alert_syslog: LOG_AUTH LOG_ALERT
#output alert_unified: filename snort.alert, limit 128
#output trap_snmp: alert, 7, inform -v 3 -p 162 -l authPriv -u snortUser -x DES -X "" -a SHA -A "" myTrapListener
#
## Custom Rules
## ------------
ruletype suspicious
{
 type log
 output log_tcpdump: suspicious.log
}
ruletype redalert
{
 type alert
 output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, mysql, user=snort dbname=snort host=localhost
}
#ruletype <New_Custom_Rules>
#{
#}
#
## Include Files
## -------------
include classification.config
#
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
#include $RULE_PATH/experimental.rules
include $RULE_PATH/local.rules


{*********Snort Screen*************}

Log directory = c:\snort\log

Initializing Network Interface \

        --== Initializing Snort ==--
Decoding Ethernet on interface \Device\Packet_NdisWanIp
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file c:\snort\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
Using GMT time
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
ProcessFileOption: c:\snort\log/log
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
980 Snort rules read...
980 Option Chains linked into 100 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order:
->activation->dynamic->alert->pass->log->suspicious->redalert

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8-WIN32 (Build 103)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
          (based on code from 1.7 port)

[End config]
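An added diagnostic, not part of the original post and not Snort project code, that parses the IDSCentre command line and the start-up screen quoted above and flags the settings that explain a sensor that starts cleanly yet records nothing. The excerpts are constructed from the post, and reading \Device\Packet_NdisWanIp as the NDIS WAN (dial-up/RAS) miniport rather than the LAN NIC is the example's own interpretation.

```python
import re

# Constructed from the post above: the IDSCentre command line and the lines
# of the Snort start-up screen that matter for the diagnosis.
CMDLINE = ('c:\\snort\\Snort.exe -c "c:\\snort\\snort.conf" -l "c:\\snort\\log" '
           '-h aaa.bbb.ccc.ddd/32 -i 1 -a -b -C -d -e -O -X -I -G basic -U -y')
SCREEN = """Decoding Ethernet on interface \\Device\\Packet_NdisWanIp
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
980 Snort rules read...
0 Dynamic rules"""

def parse_cmdline(cmd):
    """Map each switch to its argument, or to True for a bare flag."""
    tokens = re.findall(r'"[^"]*"|\S+', cmd)[1:]   # drop the executable
    opts, i = {}, 0
    while i < len(tokens):
        flag, nxt = tokens[i], tokens[i + 1] if i + 1 < len(tokens) else "-"
        if nxt.startswith("-"):
            opts[flag], i = True, i + 1
        else:
            opts[flag], i = nxt.strip('"'), i + 2
    return opts

def parse_screen(text):
    """Pull the capture interface, rule count and logging-override warnings."""
    iface = re.search(r"on interface (\S+)", text)
    rules = re.search(r"(\d+) Snort rules read", text)
    return {"interface": iface.group(1) if iface else "",
            "rules": int(rules.group(1)) if rules else 0,
            "log_overrides": text.count("overrides rules file logging plugin")}

def diagnose(opts, screen):
    """Return plain-text findings, most likely cause first."""
    findings = []
    if "NdisWan" in screen["interface"]:   # assumption: NdisWan = WAN/RAS miniport
        findings.append(f"-i {opts.get('-i')} bound {screen['interface']}: the NDIS WAN "
                        "(dial-up/RAS) miniport, not the NIC on the hub, so no LAN traffic is seen")
    if opts.get("-h", "").endswith("/32"):
        findings.append("-h names a single host (/32); a contiguous block of 64 addresses is a /26")
    if opts.get("-b") and screen["log_overrides"]:
        findings.append(f"-b overrides {screen['log_overrides']} logging output modules in "
                        f"snort.conf; expect the binary packet log under {opts.get('-l')}")
    return findings

def run():
    return diagnose(parse_cmdline(CMDLINE), parse_screen(SCREEN))
```

The first finding is the one to act on: the interface index given to -i must select the physical NIC on the hub, or the sensor never sees the traffic the firewall is reporting.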
