Snort mailing list archives
RE: Snort
From: "Semerjian, Ohanes" <Semerjian.Ohanes () wcom com au>
Date: Wed, 20 Feb 2002 14:02:24 +0800
Start with a simple command line, something like /path/snort -c ./snort.conf, and see, and scan the snort machine; you should see something in the log. Then you could fine-tune your parameters.

Also try to log to a database like MySQL, for example, and use ACID to view the reports and do queries.

Best Regards
Ohanes Semerjian

-----Original Message-----
From: Scott Taylor [mailto:scottt () soccer com]
Sent: Wednesday, 20 February 2002 8:46
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Snort

I'm running snort 1.8.3-5 on Redhat 7.1. Libpcap is 0.6.2-9. Below is showing how my sensor is located. The external ip of my firewall is x.x.x.27 and the ip on my sensor is x.x.x.223; the subnet mask from my isp is 255.255.255.0

                   _
                  |h|
ISP-----DSL-------|u|-------snort-box
                  |b|-------firewall------|Lan|
                   -

I've set my snort.conf home_net and all the variables regarding ip addresses to "any". If I run snort in sniffer mode I can see traffic. If I run in NIDS mode it shows nothing in the logs. Even if I go to grc.com and do a portscan it shows nothing in /var/log/snort/alert or portscan.log. There is also a file snort-timestamp.log but it is in binary format.

I'm trying to set up Snort Snarf to read the logs. When I run it, it generates the page but there are no alerts. It shows it's looking in alerts and portscan.log.

Here's the command I'm running snort with:

    snort -l /var/log/snort -c /etc/snort/snort.conf -o -b -A FULL -z est

How do I read what's in the snort-timestamp.log? Why is it not logging any alerts or portscans?

Thanks for any help and take three drinks if you're so inclined.

Cheers,
Scott

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
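
On the question of reading the binary snort-timestamp.log: the -b switch in the command above makes Snort log packets in tcpdump (libpcap) format. The following Python sketch of that file layout is an added example, not part of either message in this thread; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

def build_sample():
    """Constructed sample: little-endian pcap holding one 4-byte record."""
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    payload = b"\xde\xad\xbe\xef"
    rec_hdr = struct.pack("<IIII", 1014184944, 0, len(payload), len(payload))
    return file_hdr + rec_hdr + payload

def parse_pcap(data):
    """Return (header, packets, truncated) for a classic libpcap capture."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap file header")
    # The magic number tells us the byte order the writer used.
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("no pcap magic number; not a tcpdump-format file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    packets, offset, truncated = [], 24, False
    while offset < len(data):
        # Each record: 16-byte header (ts_sec, ts_usec, incl_len, orig_len) + data.
        if offset + 16 > len(data):
            truncated = True  # sensor stopped mid-record
            break
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        end = offset + 16 + incl_len
        if end > len(data):
            truncated = True
            break
        packets.append((ts_sec + ts_usec / 1e6, orig_len, data[offset + 16:end]))
        offset = end
    return header, packets, truncated

if __name__ == "__main__":
    # Pass the path of a snort-timestamp.log file, or run with no argument
    # to parse the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    hdr, pkts, cut = parse_pcap(raw)
    print(hdr, "packets:", len(pkts), "truncated:", cut)
    for ts, wire_len, frame in pkts[:10]:
        print(f"{ts:.6f} wire={wire_len} captured={len(frame)} {frame[:16].hex()}")
```

A header that parses with zero packet records means the sensor logged nothing; a non-zero count with an empty alert file means packets were captured but no alert reached that file.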