Snort mailing list archives
problems getting logs :(
From: Mohamed Sentissi <sentissi () esus cs montana edu>
Date: Wed, 09 May 2001 09:30:10 -0600
Hello,

I installed snort a couple of days ago, and when I ran it and ran nmap on myself (on my private address) it gave just one log entry! This morning and yesterday night I don't get any more logs :( even if I run nmap on myself!

snort.conf:

var HOME_NET $eth0_ADDRESS
var EXTERNAL_NET any
var DNS_SERVERS [204.212.170.2,204.212.170.12]
preprocessor defrag
preprocessor http_decode: 80 8080
preprocessor portscan: $HOME_NET 4 3 /var/log/snort/portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
output alert_syslog: LOG_AUTHPRIV LOG_ALERT
include /etc/snort/webcgi-lib
include /etc/snort/webcf-lib
include /etc/snort/webiis-lib
include /etc/snort/webfp-lib
include /etc/snort/webmisc-lib
include /etc/snort/overflow-lib
include /etc/snort/finger-lib
include /etc/snort/ftp-lib
include /etc/snort/smtp-lib
include /etc/snort/telnet-lib
include /etc/snort/misc-lib
include /etc/snort/netbios-lib
include /etc/snort/scan-lib
include /etc/snort/ddos-lib
include /etc/snort/backdoor-lib
include /etc/snort/ping-lib
include /etc/snort/rpc-lib

The command I run is:

/usr/sbin/snort -u snort -g snort -D -i eth0 -d -c /etc/snort/snort.conf

I don't know if it's a permission problem on some log files but ..... Has anybody faced this problem before?

nmap:

nmap -sX -P0 -D 1.2.3.4,5.6.7.8 192.168.1.1