snort not logging

["steve nutt" <luckysnutt () cox net>]

Hello:

I have just setup a dedicated snort box with two network cards sitting
behind a cable modem. The snort box has a 0.0.0.0 address and is not logging
anything in /var/log/alert, and I am running snort with /usr/local/
aris-sensor/snort -A fast -b -q -l /var/log/snort -d -D -c
/usr/local/aris-sensor/snort.conf . I have a hub behind the cable modem and
two boxes plugged into this hub. One a firewall box and the other the snort
box. The second network card of the snort box is connect to the firewall dmz
card. Both boxes have snort running.

like this:

internet--Hub--FW--------Hub----Trusted Network
                |        |--DMZ
                |----snort---|

I am tailing alert and messages files on both boxes. When I port scan from
the internet side I get alerts on the firewall box but no alerts on the
snort box. Any ideas for no alerts being logged to the snort box????

Sincerely:
Steve


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users