Snort mailing list archives

RE: No alerts?


From: "Russell Packer" <russell.packer () arnoldinteractive com>
Date: Thu, 8 Jan 2004 15:01:15 -0000

Yes, that seems to have done it!

One thing though; I had to use the lowercase i, i.e.

snort -D -i eth0 -i eth1 -c /etc/snort/snort.conf

Thanks!

-----Original Message-----
From: Dan Fiorito [mailto:danf () clearnetwork com]
Sent: 08 January 2004 13:46
To: Russell Packer
Subject: RE: [Snort-users] No alerts?


Are you sniffing with the correct NIC? -I eth1

-----Original Message-----
From: Russell Packer [mailto:russell.packer () arnoldinteractive com] 
Sent: Thursday, January 08, 2004 8:39 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] No alerts?

Hi all,

Only just started with Snort, and I'm a little puzzled as to why I'm not
seeing any alerts...

I'm running all Linux, and have this setup:

Box1 -- Box2 -- Box3

Box2 is running iptables and snort, and has 2 NICs. Everything works
cool, apart from I don't see any Snort alerts.


I think the two most relevant parts from my snort.conf are:

1.) Sending the alerts to the syslog
output alert_syslog: LOG_AUTH LOG_ALERT

2.) My test rules:
include $RULE_PATH/test.rules

test.rules contains:

alert tcp any any -> any any (msg:"TCP traffic";)

Snort is started with -D -c /etc/snort/snort.conf and shows up in the
process list.

In theory, any tcp traffic should generate an alert in the syslog, yes?

So I FTP from Box1 to Box3 and connect OK, which should generate an
alert, yes? Unfortunately, I get nothing.

Any help much appreciated?



