Re: Snort not capturing data

[Nigel Houghton <nigel () sourcefire com>]

On  0, snort-users-request () lists sourceforge net allegedly wrote:
> --__--__--
>
> Message: 1
> Date: Fri, 08 Oct 2004 08:43:19 -0700
> From: Ravi Verma <ravi.verma () telecommand com>
> To: Shawn Kottke <skottke () datalink com>
> CC:  snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort not capturing data
>
> Dear Shawn:
>
> I checked the value for EXTERNAL_NET and it is set to ANY.  Snort  would 
> not start if EXTERNAL_NET is not defined. Now the entries in snort.conf 
> look  as follows.
>
> var HOME_NET [10.1.0.0/16,10.2.0.0/16,10.4.0.0]
>
> var EXTERNAL_NET !$HOME_NET
>
> Still Snort is not writing any data into mysql.

And it never will until you tell it to do so in your snort.conf.

Your only output line (as far as I can see from the mangled snort.conf) is
output log_tcpdump: tcpdump.log

There isn't any output defined for a database.

+-----------------------------------------------------------------+
    Nigel Houghton      Research Engineer       Sourcefire Inc.
                  Vulnerability Research Team

 Cat: "Forget red - let's go all the way up to brown alert!"
 Kryten: "There's no such thing as a brown alert sir."
 Cat: "You won't be saying that in a minute!"


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users