Snort mailing list archives

Re: Snort is too quiet!


From: sirikanya () abxnetwork com
Date: Mon, 21 Jan 2002 16:31:23 +0700


Hi,

Now I removed the -l option and snort starts to catch something (thank you!
thank you!) but only ICMP packets!!!!
Is this typically normal?
I also checked /var/log/snort; it also has the same ICMP alerts and no
TCP or UDP.
Forgive me, but I'm really new to snort. I have to ask the same question
again: what did I miss?

Thank you in advance.



Best Regards,
Sirikanya Buranabunpot
Advanced Business Exchange Co.,Ltd.
Metro Campus
Tel.  :  (662) 727-4026
Fax.  :  (662) 726-2916
email : sirikanya () abxnetwork com


                                                                                                                 
"Guillaume" <guillaume () anteria fr>
Sent by: snort-users-admin () lists sourceforge.net
01/21/2002 03:34 PM
Please respond to guillaume

To:       <sirikanya () abxnetwork com>
cc:       <snort-users () lists sourceforge net>
Subject:  Re: [Snort-users] Snort is too quiet!
                                                                                                                 
                                                                                                                 





Hello all,

Hope this hasn't been asked too often, but my snort catches no alerts
at all. I installed snort 1.8.3 with ACID v0.9.6b19 and there was
no error during installation.
My snort box is Linux 2.4.3, located outside the firewall, and I
already set my adapter to promiscuous mode; still nothing happens.

I simply edited the $HOME_NET variable in the snort.conf file and use
the default rules that came with snort itself.
Any suggestions?

Thank you very very much.


P.S. my snort command is
./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -l /var/log/snort -i eth1 -D

Hello.

The above command line looks strange: you ask snort to log alerts
under the /var/log/snort directory, while you seem to want to use ACID as
log viewer... And ACID interfaces with a MySQL DB in which snort logs,
not the /var/log/snort directory...

Look at what's in /var/log/snort. Is there something? (typically: an
alert.log file, maybe a portscan.log one, and subdirectories named
after IPs of incoming connections).

I think that your command line -l option overcame what's inside your
snort.conf.

Try also to run snort like this:
./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -i eth1 -D

and see what happens.


Regards,

Guillaume




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




