Snort mailing list archives
Snort isn't doing anything..
From: "Marc Hering" <mhering () reval com>
Date: Wed, 2 Mar 2005 17:09:16 -0500
Hey Everyone... I just set up my first Snort box running on Fedora Core 3. I installed everything, including ACID, and started Snort up... It starts up just fine and a ps auxww |grep snort shows that the app is running:

    502 3740 0.7 14.5 41444 37196 ? Ss 16:56 0:01 /usr/local/bin/snort -c /usr/local/snort/etc/snort.conf -i eth1 -g snortgroup -D -u snortuser

However, if I run an nmap scan (doesn't matter what options) on any host on my network (Snort can see it, it's on a hub) it doesn't log anything. So far it's only logged 1 alert for a SQL scan. I have tried updating the rules to no avail...

My snort.conf is the default out-of-the-box setup; the only things I have changed are as follows:

***********************Changed items in snort.conf********************************
var RULE_PATH /usr/local/snort/rules
output database: log, mysql, user=thepropersnortuser password=snortuserspassword dbname=thesnortdatabase host=localhost
(Names have been changed to protect the innocent :) )
output alert_syslog: LOG_LOCAL3
output alert_fast: snort.log
output alert_full: alert.full
************************************************

From what I can understand... this SHOULD work. Is there something I have missed?

Thanks