Snort mailing list archives

snort not logging alerts !


From: "Daniel Chojecki" <d.chojecki () radiozet com pl>
Date: Tue, 5 Nov 2002 11:00:04 +0100

Hi !

I'm trying to figure out what is going wrong with my conf.

I got snort 1.9.0, with rules from tar.gz.

I start snort with the following command:
/usr/bin/snort -u snort -g snort -d -D \
-I -i eth0 -l /var/log/snort -c /etc/snort/snort.conf

All logs/alerts go to db (acid/mysql)

from my snort.conf:
output database: log, mysql, user=xxx password=xxx dbname=snort_log host=xxx
output database: alert, mysql, user=xxx password=xxx dbname=snort_log host=xxx

When I run sneeze (from another host) to see if snort is working well, in
the DB I got only portscan detected ... no alerts

./sneeze.pl -d www.test.pl -f /etc/snort/rules/web-attacks.rules

from snort.conf:

var HOME_NET 10.10.9.2
var EXTERNAL_NET any

My conf.
rh 7.0
snort 1.9.0
mysql 3.23.53a
libpcap 0.6.2

greetz
boka

