Snort re-setup issues

[Greg Webster <greg () intouch ca>]

Heya,

Maybe I just need to bounce this off someone for a sanity check...advice
would be great.

Our old SNORT box completely died, so I was unable to get the config
file from there to make this easy.

The real problem now is that it's not logging anything coming in.
/var/log/snort/alert is empty.

Here's some quick facts to hopefully narrow down the solution:
- Snort box IP address: 192.168.42.51 on eth0
- eth0 is set to promiscuous mode
- Snort is listening to 64.69.xxx.xxx/27
- The log files are created and appropriate permissions are given
(/var/log/snort)
- I've tried to change Snort to listen to 192.168.42.0/24, and
portscanning from another box in that network, but Snort didn't log it.
- The box is behind two switches...

I haven't seen a solution in my searching...any thoughts on where to go
next?

Thanks,

Greg


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users