Snort mailing list archives
Re: Snort only alerting about IP its running on
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 26 Jun 2015 15:26:53 +0000
Also, you may want to change your EXTERNAL_NET variable from "!HOME_NET" to "any" if you aren't inline and want to see everything on your network (even internal-to-internal traffic).

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

-----Original Message-----
From: Al Lewis (allewi)
Sent: Friday, June 26, 2015 11:21 AM
To: 'Rahul Bhonsale'; snort-users () lists sourceforge net
Subject: RE: Snort only alerting about IP its running on

The traffic has to be mirrored/spanned to snort or snort has to be placed inline with the traffic. Your nic will only see broadcast and unicast traffic for its IP without the correct network setup.

-----Original Message-----
From: Rahul Bhonsale [mailto:rbhonsale () invariant-corp com]
Sent: Friday, June 26, 2015 11:06 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort only alerting about IP its running on

I'm trying to set up a snort IDS from my machine (opensuse 13.1) to monitor the entire network. When I run snort I am sniffing all the packets and monitoring all computers on the network, but I am only getting alerts for my machine. I want the alert file to alert me about ALL IPs. I also tried including specific IP addresses in HOME_NET and it would still only alert me about my opensuse machine.

My snort.conf:

    HOME_NET 192.168.1.0/24
    EXTERNAL_NET !$HOME_NET
    output alert_fast: /var/log/snort/fast_alert.txt

I am using pulledpork for my one snort.rules file.

I run snort as so:

    snort -d -c /etc/snort/snort.conf -vv

Also, it might be important information that I do not have eth0 as a network device option.

How can I make snort alert me for all machines/IPs on the network?
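The two conditions raised in the replies above (the sensor must actually receive the packet, and the packet's addresses must satisfy the rule's variables) can be modelled together. The following is an added example, not part of the thread and not Snort's own code: it is a simplified model of the address part of a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any`. The sensor IP and the sample flows are constructed; HOME_NET is the value from the post.

```python
import ipaddress

HOME_NET = ipaddress.ip_network("192.168.1.0/24")   # value from the post
SENSOR_IP = ipaddress.ip_address("192.168.1.50")    # constructed: the Snort host
BROADCAST = HOME_NET.broadcast_address

def in_var(addr, spec):
    """Evaluate an address against 'any', a CIDR, or a negated '!CIDR'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"))
    return (addr in net) != negate

def sensor_sees(src, dst, mirrored):
    """Without a SPAN/mirror port or inline placement, a switched NIC
    receives only its own unicast traffic and broadcasts."""
    return mirrored or SENSOR_IP in (src, dst) or dst == BROADCAST

def can_alert(src, dst, external_net, mirrored):
    """True if a rule with header '$EXTERNAL_NET any -> $HOME_NET any'
    could fire for this packet on this sensor."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (sensor_sees(src, dst, mirrored)
            and in_var(src, external_net)
            and in_var(dst, str(HOME_NET)))

# Constructed sample flows (src, dst)
FLOWS = [
    ("203.0.113.9", "192.168.1.50"),   # outside -> sensor
    ("203.0.113.9", "192.168.1.20"),   # outside -> other internal host
    ("192.168.1.30", "192.168.1.20"),  # internal -> internal
]

def coverage(external_net, mirrored):
    """Per-flow result for one EXTERNAL_NET setting and capture setup."""
    return [can_alert(s, d, external_net, mirrored) for s, d in FLOWS]

if __name__ == "__main__":
    for ext in ("!192.168.1.0/24", "any"):
        for mirrored in (False, True):
            print(f"EXTERNAL_NET={ext:<16} mirrored={mirrored}: "
                  f"{coverage(ext, mirrored)}")
```

Only the combination of mirrored traffic and EXTERNAL_NET set to "any" covers the internal-to-internal flow; changing the variable alone does nothing for packets the NIC never receives.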