Snort mailing list archives
Re: getting started how to ..help
From: Michael Boman <michael () ayeka dyndns org>
Date: Thu, 23 Aug 2001 21:02:58 +0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 23 August 2001 20:46, brentb wrote:
I currently have Snort 1.7 installed on my BSD machine which is a gateway machine for my internal network...When i start snort by doing: #/usr/local/bin/snort -d -h 192.168.0.0/24 -l /var/log/snort.log -c /usr/local/etc/snort.conf & or by starting it from /etc/rc.conf at boot time...it runs ..as i can see the process running with "ps -aux" BUT it doesnt seem to do anything ..ive tested it by scanning the BSD box from another machine out on the internet (from my work) and i see nothing from snort ...no mail ...no syslog ..no warnings of port scans...Nothing... I have followed the README & INSTALL files ..(which are the same howto's found on snorts website) and they are pretty vague... is there a walk thru or an example that i can follow somewhere ...or can someone just give a clue ?? any help is GREATLY appreciated thanx B
how does your snort.conf look like? Try sending us the output from the following: # cat /usr/local/etc/snort.conf | grep -v ^# | grep -v ^$ ( this gives us the whole config file without any comments ) # /usr/local/bin/snort -T -d -h 192.168.0.0/24 -l /var/log/snort -c /usr/local/etc/snort.conf ( "-l" specifies a logdir, while you seem to want to choose a file ) Best regards Michael Boman - -- There is no such thing as a system that is secure out of the box. Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this morning that he had found one at WalMart the other day that was secure out of the box, but as it turns out that was a Nintendo. - -- Jesper M Johansson, Ph.D. Assistant Professor of Information Systems at Boston University - during a SANS audio broadcast -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7hP8HjD4u/xp0yJcRAoolAJ97WR9GXlzMA/30cpQs7h+0Z0wWZwCfffvc iXBCyzeDBQ1ls9mi0mcjdoI= =7uLE -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- getting started how to ..help brentb (Aug 23)
- Re: getting started how to ..help Michael Boman (Aug 23)
- Re: getting started how to ..help Erek Adams (Aug 23)
- <Possible follow-ups>
- RE: getting started how to ..help Erwin (Aug 23)
- RE: getting started how to ..help Mike Shaw (Aug 23)
- Re: getting started how to ..help Michael Boman (Aug 23)