Snort mailing list archives
RE: [SPAM] - Snort not logging all packets - Email found in subject
From: sEc nErD <umkcguy1978 () yahoo com>
Date: Mon, 7 Mar 2005 12:01:41 -0800 (PST)
I am logging snort in the /var/log/messages and also on a remote security information management system like netforensics. I can see some http inspect preprocessor messages, but I know it's missing out on a lot of them. Below is the tcpdump output. This is what I see when I do tcpdump:

# tcpdump -i eth1
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:08:26.965161 IP 12.40.44.251 > 69.151.58.226: ESP(spi=0x96ebf27b,seq=0x503)
1 packets captured
670 packets received by filter
622 packets dropped by kernel

Marc Hering <mhering () reval com> wrote:

Are you logging into the console? Or via an SSH session?

---------------------------------
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of sEc nErD
Sent: Monday, March 07, 2005 2:41 PM
To: snort-users () lists sourceforge net
Subject: [SPAM] - [Snort-users] Snort not logging all packets - Email found in subject

Hi all,

I am running snort on a fedora box and I started with a doubt that it is not logging all the packets. I checked it with tcpdump, and when I stop tcpdump I see 90% of the packets being dropped by the kernel.

When I see /var/log/messages I see the below error for both sniffing interfaces:

OpenPcap() device eth0 network lookup: ^Ieth0: no IPv4 address assigned

I checked the version of libpcap running; it is "libpcap-0.8.3-3".

Output of # uname -a:

Linux localhost.localdomain 2.6.5-1.358smp #1 SMP Sat May 8 09:25:36 EDT 2004 i686 i686 i386 GNU/Linux

If anybody could help me on this I would really appreciate it.

Thanks all,
kaps