Snort mailing list archives
not sure if I have this right
From: Ian Truelsen <ian () ihtruelsen 2y net>
Date: Tue, 30 Jul 2002 16:22:49 -0500
I set up snort the other day and I was wondering how I could go about testing it. So far it hasn't logged anything, which might be good news, but it also might mean that I borked the setup.

Here is what I have: snort 1.8.7 on the same box as my iptables based firewall. (Just out of interest, will this tell me everything that is coming into the system or just what gets past the firewall?)

Here is the network setup part of the conf:

var HOME_NET 192.168.100.0/24
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS !$HOME_NET

And here is the logging portion:

output alert_syslog: LOG_AUTH LOG_ALERT

Now, I don't use syslogd but metalog. However, as I understand it, metalog is supposed to mimic the functionality of syslog and the iptables logging works.

Can anyone see anything obvious that I have done wrong here, or is my system just being graciously ignored at the moment :)

--
Ian Truelsen
Masters program in Philosophy
University of Manitoba, Winnipeg, Canada
BA (Wilfrid Laurier University)
Email: ian () ihtruelsen 2y net
Homepage: http://www.ihtruelsen.2y.net
PGP key available at: http://www.ihtruelsen.2y.net/pgp.html and http://pgp.mit.edu (search 'ihtruelsen')
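An added example, not part of the original post and not Snort code: a small Python sketch that expands the "var" lines quoted above and reports which addresses each variable covers, so the effect of "!$HOME_NET" can be checked before rules that reference it are loaded. The function names are hypothetical, and only a single CIDR, "any", "$NAME" references and a leading "!" are handled.

```python
import ipaddress

# The "var" lines quoted in the post above, copied as given.
CONF = """\
var HOME_NET 192.168.100.0/24
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS !$HOME_NET
"""

def parse_vars(conf):
    """Return {name: raw value} for each 'var NAME VALUE' line."""
    out = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "var":
            out[parts[1]] = parts[2]
    return out

def resolve(name, table, seen=()):
    """Expand $NAME references; return (negated, network), network None = any."""
    if name in seen:
        raise ValueError("circular reference: " + name)
    if name not in table:
        raise KeyError("undefined variable: " + name)
    value = table[name]
    negated = value.startswith("!")
    value = value[1:] if negated else value
    if value.startswith("$"):
        # Assumption of this sketch: a "!" on a reference flips the inner sense.
        inner_neg, net = resolve(value[1:], table, seen + (name,))
        return (negated != inner_neg, net)
    if value == "any":
        return (negated, None)
    return (negated, ipaddress.ip_network(value, strict=False))

def matches(name, addr, table):
    """True if addr falls inside the address set the variable describes."""
    negated, net = resolve(name, table)
    inside = True if net is None else ipaddress.ip_address(addr) in net
    return inside != negated

if __name__ == "__main__":
    table = parse_vars(CONF)
    for var in table:  # 192.168.100.10 is a constructed sample LAN address
        print(var, "covers 192.168.100.10:", matches(var, "192.168.100.10", table))
```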
Current thread:
- not sure if I have this right Ian Truelsen (Jul 31)
- RE: not sure if I have this right RR (Jul 31)