Snort mailing list archives

problems getting logs :(


From: Mohamed Sentissi <sentissi () esus cs montana edu>
Date: Wed, 09 May 2001 09:30:10 -0600

Hello,

I installed snort a couple of days ago, and when I ran it and ran nmap on
myself (on my private address) it gave just one log entry! This
morning and last night I don't get any more logs :( even if I run
nmap on myself!

snort.conf:

var HOME_NET $eth0_ADDRESS

var EXTERNAL_NET any

var DNS_SERVERS [204.212.170.2,204.212.170.12]

preprocessor defrag
preprocessor http_decode: 80 8080
preprocessor portscan: $HOME_NET 4 3 /var/log/snort/portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
output alert_syslog: LOG_AUTHPRIV LOG_ALERT
include /etc/snort/webcgi-lib
include /etc/snort/webcf-lib
include /etc/snort/webiis-lib
include /etc/snort/webfp-lib
include /etc/snort/webmisc-lib
include /etc/snort/overflow-lib
include /etc/snort/finger-lib
include /etc/snort/ftp-lib
include /etc/snort/smtp-lib
include /etc/snort/telnet-lib
include /etc/snort/misc-lib
include /etc/snort/netbios-lib
include /etc/snort/scan-lib
include /etc/snort/ddos-lib
include /etc/snort/backdoor-lib
include /etc/snort/ping-lib
include /etc/snort/rpc-lib


The command I run is:
/usr/sbin/snort -u snort -g snort -D -i eth0 -d -c /etc/snort/snort.conf

I don't know if it's a permission problem on some log files, but ...

Has anybody faced this problem before?

nmap: nmap -sX -P0 -D 1.2.3.4,5.6.7.8 192.168.1.1


