Snort mailing list archives
RE: Snort ain't logging anything...
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Thu, 6 Feb 2003 12:42:39 -0500
Try running snort in sniffer mode (e.g., snort -v -i eth0). In sniffer mode, snort should display to the console all packets that it sees. If you're getting data, then let the list know and we can proceed on to the next test. - Christopher -----Original Message----- From: "Mam Ruoc" <mamruoc () hotmail com> To: snort-users () lists sourceforge net Date: Thu, 06 Feb 2003 11:54:55 +0100 Subject: [Snort-users] Snort ain't logging anything... Greetings snort-experts First off all, I'm a newbie, please be patient with me.... I got some problem after upgrading to Snort 1.9.0. I've been configuring snort.conf a dozen times, I've set Iptables to accept everything (droppped using IPTables), 'cause I thought packets might been filtered before Snort. Nothing helped... Then I found that my eth0 wasn't in promiscuous mode, so I'd manually add it to startup... Somebody said that's the problem, 'cause Snort couldn't retrieve data without the NIC beeing in promiscuous mode (is that right)That didn't help either... Can somebody please tell what I can do to detect what's wrong?? I've used programs like nmap and sneeze (which tests rulesets by sending bogus packets), the only thing I've got back is: 'snort: (spp_arpspoof) Ethernet/ARP Mismatch request for Destination' in my syslog. My system is: Snort version 1.9.0 (Build 209) (supporting mysql) _________________________________________________________________ MSN Messenger http://www.msn.no/messenger - Den korteste veien mellom deg og dine venner
Current thread:
- Snort ain't logging anything... Mam Ruoc (Feb 06)
- <Possible follow-ups>
- RE: Snort ain't logging anything... L. Christopher Luther (Feb 06)
- RE: Snort ain't logging anything... Mam Ruoc (Feb 06)
- RE: RE: Snort ain't logging anything... Michael Steele (Feb 06)