still newbie questions

["Petriz, Pablo" <ppetriz () siscat com ar>]

Hello list

We´re having different issues with snort 1.8.3 on RH Linux 6.1 (going to
7.2)
the box has 2 nics: eth1 with ip 0.0.0.0 connected to the hub of a DMZ and
eth0 connected to the internal network.

starting command: "snort -c snort.conf -l ./log -M /etc/smbhosts -i eth1"
(where smbhosts is a list of the netbios machines to popup alerts)

Issue 1) not sniffing with -D option
start snort with the starting command plus " -D" option apparently the 
interface enters and leaves promiscuous mode, so how can i set it manually?

Issue 2) snort is not loggin to the alert file: 
start snort with the starting command, then we run nessus against a box at
the home_net and we receive popup smb alerts but nothing is written to the 
alert file. What´s wrong?

Issue 3)WARNING: Unknown output plugin SMB_ALERT:
start snort with the starting command and receive the warning but the smb
alerts works fine. Is there something wrong in this line that we´ve added
to the snort.conf? "output smb_alert: /etc/smbhosts"

Nothing else by now. Thanks in advance for your help!


PABLO

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users