RE: Snort Just Does Not Want To Work on Shadow Interrface

["Patrick S. Harper" <patrick () internetsecurityguru com>]

Glad your up and running, I understand days like that.  I have had more then
my share myself.  Good luck

Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rhugga
Sent: Tuesday, July 20, 2004 5:30 PM
To: Harper, Patrick
Cc: Snort-User Mailing List
Subject: Re: [Snort-users] Snort Just Does Not Want To Work on Shadow
Interrface

Harper, Patrick wrote:

> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
>  
Will someone please find a large heavy cinder block and smash it over my
head.

Once I got snort reading the interface w/o an IP address it was matching
rules, I was being tired and lazy and using Acid to determine this. 
(after a 16-hr day and 3 fatening catered meals) I actually have 2 acid
directories, one that uses my internal sensor database and 1 that uses a
database for my external sensor. I have the internal IDS off so it was not
logging anything. I was looking at the internal snort's database via acid to
see what my external sensor was doing. duh. If I would have looked at the
raw data stream in the first place like a normal person. 
(sorry, browsers are too easy to ues, =)

Anyway thanks for all the help all, and sorry if I was short with anyone
just having a ton of bricks dropped on me lately at work and blah ...... 
Im sure everyone here is in the same boat in this economy. Same IT workload,
1/3 the people.

Thx,
RHugga





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise
J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.723 / Virus Database: 479 - Release Date: 7/19/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.723 / Virus Database: 479 - Release Date: 7/19/2004
 



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users