Snort mailing list archives

snort alert -stop working with snort.conf


From: Cearns Angela <acearns () yahoo com>
Date: Sat, 27 Jul 2002 20:18:20 -0700 (PDT)

Hi I've 2 simple questions:

1. My snort alert was working fine for a while and
stopped suddenly. It no longer logs port scan file to
my portscan.log in /var/log/snort...nor does it log
icmp large packets alert to my alert file in
/var/log/snort.
I'm using Red Hat Linux 7.3 2.4.18. and snort 1.8.6

I checked the snort.conf file and the homenet was
configured correctly (same as what I use for the -h
option on command line).

When I run snort:
snort -dev -l /var/log/snort -h 192.168.0.2/16 -c snort.conf

It didn't raise any error and it reads in all the
rules.

When I run snort without the config file:
snort -dev -l /var/log/snort
- it accurately created the dest & source ip directory
and logged the packets into those directories

Any idea where I should look into the problem?

2. After getting the alert working, I'd like to test
every single one of the rules in snort but I don't
know the various types of intrusion very well. Is there
any test case available that can help me get started?
(e.g. run a nmap -sS....and the portscan alert will be
raised; run a ping ... and a xx alert will be raised...)

Thanks,
Ang
