Snort mailing list archives

RE: Snort ain't logging anything...


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Thu, 6 Feb 2003 12:42:39 -0500

Try running snort in sniffer mode (e.g., snort -v -i eth0).  In sniffer
mode, snort should display to the console all packets that it sees.  If
you're getting data, then let the list know and we can proceed on to the
next test.  

- Christopher


-----Original Message-----
From: "Mam Ruoc" <mamruoc () hotmail com>
To: snort-users () lists sourceforge net
Date: Thu, 06 Feb 2003 11:54:55 +0100
Subject: [Snort-users] Snort ain't logging anything...

Greetings snort-experts

First of all, I'm a newbie, please be patient with me....

I got some problem after upgrading to Snort 1.9.0. I've been configuring 
snort.conf a dozen times, I've set Iptables to accept everything (dropped 
using IPTables), 'cause I thought packets might have been filtered before Snort. 
Nothing helped...

Then I found that my eth0 wasn't in promiscuous mode, so I'd manually add it
to startup... Somebody said that's the problem, 'cause Snort couldn't 
retrieve data without the NIC being in promiscuous mode (is that right?). That
didn't help either...

Can somebody please tell what I can do to detect what's wrong?? I've used 
programs like nmap and sneeze (which tests rulesets by sending bogus 
packets), the only thing I've got back is: 'snort: (spp_arpspoof) 
Ethernet/ARP Mismatch request for Destination' in my syslog.

My system is:

Snort version 1.9.0 (Build 209) (supporting mysql)
