Snort mailing list archives
empty logs..how come ??
From: "Bart Decker" <decker78 () hotpop com>
Date: Thu, 17 Apr 2003 12:26:07 +0200 (W. Europe Daylight Time)
I recently configured Snort... as a newbie I don't know all the ins and outs and maybe I didn't get the whole IDS story. I'm portscanning myself crazy, but I can't see anything in the logs. They stay empty all the time. Any ideas? (I use iptables on the Linux server.)

Starting with:

snort -v -c /etc/snort.conf -D -i eth0

Snort.Conf

var HOME_NET 192.168.0.1/24
var EXTERNAL_NET any
var SMTP $HOME_NET
var RULE_PATH /root/Snort_Rules

preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor portscan: $HOME_NET 4 3 portscan.log

include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/info.rules
include $RULE_PATH/local.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/classification.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/deleted.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/dos.rules