Snort mailing list archives

Newbie Questions


From: "Davis Lee" <lee_d () aps edu>
Date: Thu, 26 Oct 2006 16:10:15 -0600

Greetings & TIA,

I have two boxes plugged into the same switch. 

One is Snort 2.44 on FC4 displayed through Base 1.2.2 (cindy).

Two is Snort 2.6.02 on FC5 displayed through Base 1.2.6 (Christine).

AFAIK, the snort.conf files are identical (at least my visual step
through shows them to be the same). Also, the local.rules file is almost
the same, except for the order of listing. 

Cindy is giving me a whole lot more info than Christine. Christine only
shows UDP, and misses a lot of info that Wireshark, running on her box,
does show.

Where should I start in order to get more info from Christine? I've
looked at var/log/snort and I think Christine is reporting all she sees.



Thanks,
Davis Lee



