Snort mailing list archives

Re: snort not capturing


From: Martin Holste <mcholste () gmail com>
Date: Wed, 14 Sep 2011 16:01:49 -0500

It's probably a permissions issue with /var/log/snort.  Try the exact
same command without -D, and you should get some indication.  You may
also wish to run strace snort ... which should show you if it fails to
open files.

On Wed, Sep 14, 2011 at 2:06 PM, Mario Remy Almeida
<mario.almeida () gmail com> wrote:
Dear All,
I installed snort 2.8.6.1 but when I start it, it's not capturing anything.
snort.log and alert files under /var/log/snort are created but both
files are empty, nor does it log to mysql.

Snort is started with the below command
/usr/sbin/snort -A fast -b -d -D -I -i eth0 -u snort -g snort -c
/etc/snort/snort.conf -l /var/log/snort

If I start snort with "-v -i eth0 -u snort -g snort -c
/etc/snort/snort.conf" parameters then I can see the tcpdump output
on the terminal.
Can anyone help me?

Rgds,
Mario

------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
Learn about the latest advances in developing for the
BlackBerry® mobile platform with sessions, labs & more.
See new tools and technologies. Register for BlackBerry® DevCon today!
http://p.sf.net/sfu/rim-devcon-copy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
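
One way to test the permissions theory from the reply above, as an added example that is not part of the original thread: the script decides from the owner, group and mode of a log directory whether a given account could create files there. The function names mode_allows and check_log_dir are hypothetical, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils stat(1).
# Decides from a directory's owner, group and mode bits whether an account
# could create files in it. uid 0 is not special-cased: the check is meant
# for the unprivileged account passed to snort -u / -g.

# mode_allows UID "GID GID ..." DIR -> exit 0 if write+search is granted
mode_allows() {
    uid=$1 gids=" $2 " dir=$3
    [ -d "$dir" ] || return 2
    set -- $(stat -L -c '%u %g %a' "$dir")
    owner=$1 group=$2 m=$((0$3))            # %a is octal, e.g. 755 or 1777
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (m >> 6) & 7 ))            # owner class applies
    else
        case $gids in
            *" $group "*) bits=$(( (m >> 3) & 7 )) ;;   # group class
            *)            bits=$(( m & 7 )) ;;          # other class
        esac
    fi
    [ $(( bits & 3 )) -eq 3 ]               # need w (2) and x (1)
}

# check_log_dir USER DIR -> prints a one-line verdict for a named account
check_log_dir() {
    uid=$(id -u "$1" 2>/dev/null) || { echo "$1: no such account"; return 2; }
    if mode_allows "$uid" "$(id -G "$1")" "$2"; then
        echo "$1 can create files in $2"
    else
        echo "$1 cannot create files in $2: $(stat -L -c '%U:%G %a' "$2" 2>/dev/null)"
        return 1
    fi
}

# Example call for the setup in this thread:
#   check_log_dir snort /var/log/snort
```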

