Snort mailing list archives
Re: (no subject)
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 12 Jun 2002 13:01:27 -0700 (PDT)
On Wed, 12 Jun 2002, Richard Houston wrote:

> I need some help with setting up snort as a NIDS. I have version 1.8.3 installed on a RH 6.2 machine attached to 2 stacked

Consider upgrading. 1.8.6 is the most current, with 1.8.7beta6 in the works. There are lots of little 'gotchas' that were fixed in the 1.8.x line.

> 3com hubs. If I port scan the snort host I get lots of log messages related to the port scan, I also use typhon to scan the snort host with a selection of exploits Scan and all seems fine. I have all messages going to syslog. Now here is the issue. If I scan a host other than the snort host, snort does not log anything.

Yep. Sounds just like: http://www.snort.org/docs/faq.html#6.21

> Here is the command I used to start snort.
> /usr/sbin/snort -dev -h 10.1.1.0/24 -l /var/log/snort -d -D -i eth0 -c /etc/snort/snort.conf

If you're running snort as a daemon, then you don't need '-d, -v, -e, and -d'. -ved tells snort to write to STDOUT and to decode the packets on the fly. -D uncouples snort from STDOUT, but due to the other switches, snort is still trying to decode and print those things--wasting CPU.

[...snip...]

You might also want to check what $HOME_NET and $EXTERNAL_NET are set to. I would suggest:

    var HOME_NET 10.1.1.0/24
    var EXTERNAL_NET !$HOME_NET

as a starting point--If they aren't like that already.

Oh, and try to give us a subject line next time. Some folks sort email based on subjects.... And that's the common subject sent to /dev/null. ;-)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net