Snort mailing list archives

not sure if I have this right


From: Ian Truelsen <ian () ihtruelsen 2y net>
Date: Tue, 30 Jul 2002 16:22:49 -0500

I set up snort the other day and I was wondering how I could go about
testing it.

So far it hasn't logged anything, which might be good news, but it also
might mean that I borked the setup.

Here is what I have:

snort 1.8.7 on the same box as my iptables-based firewall. (Just out of
interest, will this tell me everything that is coming into the system or
just what gets past the firewall?)

Here is the network setup part of the conf:

var HOME_NET 192.168.100.0/24
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS !$HOME_NET

And here is the logging portion:

output alert_syslog: LOG_AUTH LOG_ALERT

Now, I don't use syslogd but metalog. However, as I understand it,
metalog is supposed to mimic the functionality of syslog and the
iptables logging works.

Can anyone see anything obvious that I have done wrong here, or is my
system just being graciously ignored at the moment :)

-- 
Ian Truelsen
Masters program in Philosophy 
University of Manitoba, Winnipeg, Canada
BA (Wilfrid Laurier University)
Email: ian () ihtruelsen 2y net
Homepage: http://www.ihtruelsen.2y.net
PGP key available at: http://www.ihtruelsen.2y.net/pgp.html 
and http://pgp.mit.edu (search 'ihtruelsen')
