Snort mailing list archives

Re: empty logs..how come ??


From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 17 Apr 2003 11:25:56 -0400

Have you verified that snort is actually running?

I noticed you included deleted.rules. Those rules aren't intended to be used and some have typos that will keep snort from running. If you're running snort in daemon mode, it might not be obvious that it's failing to read your rule files and is bailing out.

Run snort in non-daemon mode and see if it comes up properly. This will also let you watch alerts on the console, in case the logs are going someplace other than your alerts file.

As for the portscan, if you're using the portscan preprocessor it should detect simple "sweeps" of all the ports on a machine.

At 12:26 PM 4/17/2003 +0200, Bart Decker wrote:
I recently configured Snort... As a newbie I don't know all the ins and outs, and maybe I didn't get the whole IDS story. I'm portscanning myself crazy, but I can't see anything in the logs. They stay empty all the time.
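
An added example, not part of the original thread or of Snort itself: a shell pre-flight check that lists the active `include` lines of a snort.conf and flags `deleted.rules` or unreadable rule files before the daemon is started. The function names, the finding labels and the sample config are constructed for illustration, and it assumes relative include paths resolve against the directory holding the config file.

```shell
#!/bin/sh
# Added example (not from the original thread): check snort.conf include lines.

# Print the expanded path of every active (uncommented) include line in conf $1.
snort_includes() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "var" && NF >= 3 { vars[$2] = $3; next }
        $1 == "include" && NF >= 2 {
            path = $2
            for (name in vars) gsub("\\$" name, vars[name], path)
            print path
        }' "$1"
}

# Report includes of deleted.rules and includes that cannot be read.
# Assumption: relative paths resolve against the directory holding the conf.
# Prints one finding per line; returns 1 if anything was found.
check_snort_includes() {
    dir=$(dirname "$1"); rc=0
    for path in $(snort_includes "$1"); do      # paths with spaces not handled
        case $path in /*) full=$path ;; *) full=$dir/$path ;; esac
        case $path in
            *deleted.rules) echo "DELETED_RULES $path"; rc=1 ;;
        esac
        [ -r "$full" ] || { echo "MISSING $path"; rc=1; }
    done
    return $rc
}

# Constructed sample config, written to directory $1 (not a real deployment).
make_sample_conf() {
    mkdir -p "$1/rules"
    : > "$1/rules/local.rules"; : > "$1/rules/deleted.rules"
    cat > "$1/snort.conf" <<'EOF'
var RULE_PATH rules
include $RULE_PATH/local.rules
include $RULE_PATH/deleted.rules
# include $RULE_PATH/disabled.rules
include $RULE_PATH/absent.rules
EOF
}

demo=$(mktemp -d)
make_sample_conf "$demo"
check_snort_includes "$demo/snort.conf" || echo "fix the findings, then start snort in the foreground"
rm -rf "$demo"
```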


