Snort mailing list archives
Re: UPDATE eth1 without an IP = no worky
From: James Lay <slave_tothe_box () yahoo com>
Date: Thu, 26 Jun 2003 06:49:07 -0600
On Wed, 25 Jun 2003 14:26:01 -0500 "Jason Whitson" <jason () visionxtreme net> wrote:
> "What is your specific error?"
> - Unable to activate eth1. This is using the RH's network config screen.
> - I use ifconfig eth1 up and don't get any output, so I assume it's up
>
> I can get snort to run on the command line with:
> snort -b -A fast -c snort.conf
> with snort.conf having this line:
> var HOME_NET 172.16.0.0/32
> (I am testing inside with a hub between 2 active switches)
>
> It just shows a screen on the console with no more output after loading. Should the ACID console be showing data?
>
> Also I have the snortd file to start snort upon boot but it never works. Even after changing eth0 to eth1.
>
> Ideas? I've been working on this all day, maybe I need to step away ... but I am not getting anywhere.
>
> Jason Whitson
> VisionXtreme Computers
> www.visionxtreme.net
Jason,

Ok..wow...first off, if you're running snort in IDS mode, you'll want to add -D for daemon mode. My rc.snort file has:

/usr/local/bin/snort -q -i eth1 -D -o -c /etc/snort/snort.conf

You won't see anything in the console... If you're NOT wanting to run in daemon mode then add the -v switch to see what's going on...I use that when using snort to sniff an active connection.

Second, in RedHat you'll need to muck with the SysV stuff, or add the above line or your own to rc.local to start on boot.

Third, make sure your snort.conf has the output database line uncommented. I use both ACID and syslog for my setup here.

Hope this helps.

James
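
[Added example, not part of the original post or of Snort itself: a startup script in the style of the rc.snort line above, which also checks the two things the thread turns on, the state of the IP-less sniffing interface and the "output database" line that ACID depends on. The function names and the parsing of ifconfig output are assumptions; the snort flags and paths are the ones quoted in the reply.]

```shell
#!/bin/sh
# Added example: start snort on a sniffing interface that has no IP address.
SNORT=/usr/local/bin/snort     # path as quoted in the reply above
CONF=/etc/snort/snort.conf     # path as quoted in the reply above
IFACE=eth1

# iface_state (hypothetical helper): reads `ifconfig IFACE` text on stdin and
# prints "down", "up-noip" (up, no IPv4 address) or "up-ip".
# Handles both the old "inet addr:" layout and the newer "inet x.x.x.x" layout.
iface_state() {
    awk '
        /inet addr:|inet [0-9]/  { ip = 1 }
        /(^|[ <,])UP([ ,>]|$)/   { up = 1 }
        END {
            if (!up)      print "down"
            else if (ip)  print "up-ip"
            else          print "up-noip"
        }'
}

# db_output_enabled (hypothetical helper): succeeds when the snort.conf text on
# stdin has an uncommented "output database" line.
db_output_enabled() {
    grep -Eq '^[[:space:]]*output[[:space:]]+database'
}

start_sensor() {
    # "ifconfig eth1 up" prints nothing on success, so verify the state explicitly.
    ifconfig "$IFACE" up || return 1
    state=$(ifconfig "$IFACE" | iface_state)
    if [ "$state" = "down" ]; then
        echo "$IFACE did not come up" >&2
        return 1
    fi
    if ! db_output_enabled < "$CONF"; then
        echo "warning: no active 'output database' line in $CONF" >&2
    fi
    # Same command line as the rc.snort entry quoted above.
    "$SNORT" -q -i "$IFACE" -D -o -c "$CONF"
}

# Call as "script start" from rc.local or a SysV init script.
if [ "${1:-}" = "start" ]; then start_sensor; fi
```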