Snort mailing list archives
Snort only catches one address and it doesn't exist
From: Trevor Cushen <trevor () sysnet ie>
Date: 14 Aug 2002 16:14:08 +0100
Hello to all, strange one that I am hoping one of you can answer. I have set up snort several times but this time it's acting funny. Running on Linux, latest version. When the snort.conf file says go to database to was sending everything to screen. When run with the -D option it ran perfect as in no screen and all to database. But when I look in the database all the events are for one ip address. The strange thing is that the ip address is the right range or class for the machines on my dmz where snort is but none of the machines have that address and there is no NAT in place that would give that address, not even a dhcp. Nothing else is showing up even after sending test data that should raise events. All connected to a hub, no switching. The other boxes are NT web servers The same config was tested fully on another site with no problems. Any ideas??? Many thanks in advance Trevor ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort only catches one address and it doesn't exist Trevor Cushen (Aug 14)