Snort mailing list archives
Re: snort not logging
From: "steve nutt" <luckysnutt () cox net>
Date: Sun, 9 Jun 2002 17:38:09 +0100
Rob: Please give an example of the using "snort -c <your config path/file> ". Like this? "/usr/local/aris-sensor/snort -c /usr/local/aris-sensor/snort.conf". When I do this snort initializes but what should I see? If I do a snort -vde I do get ARP request, so I am seeing some kind of traffic from the outside interface, but if I do the same thing on the fw box I see everything TCP UDP ICMP and ARP traffic flying bye. The ifconfig for the snort interface is not showing promiscuous mode only Up Running Multicast. When I tail the messsages file when I start snort it says eth0: Promiscuous mode enabled but it does complain about OpenPcap( ) device eth0 network lookup: ^Ieth0: no IPv4 address assigned. There seems to be a conflict. Any suggestions Thanks in advance for your help. Steve Nutt ----- Original Message ----- From: "Rob Hughes" <rob () robhughes com> To: "Snort-users" <Snort-users () lists sourceforge net> Sent: Sunday, June 09, 2002 8:58 PM Subject: Re: [Snort-users] snort not logging On Sat, 2002-06-08 at 15:01, steve nutt wrote:
I am tailing alert and messages files on both boxes. When I port scan from the internet side I get alerts on the firewall box but no alerts on the snort box. Any ideas for no alerts being logged to the snort box????
Try starting snort with just snort -c <your config path/file> and make sure snort is seeing packets. Also, does the output of ifconfig show the interface snort is listening on to be in promiscuous mode? _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort not logging steve nutt (Jun 08)
- Re: snort not logging Rob Hughes (Jun 09)
- Re: snort not logging steve nutt (Jun 09)
- Re: snort not logging Rob Hughes (Jun 09)
- Re: snort not logging steve nutt (Jun 09)
- <Possible follow-ups>
- snort not logging steve nutt (Jun 08)
- Re: snort not logging Rob Hughes (Jun 09)