Snort mailing list archives

Re: Same question again..

From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 28 May 2002 14:05:39 -0700 (PDT)

On Tue, 28 May 2002, C Boss wrote:

This is how I startup Snort:

/usr/local/snort -b snort.conf -i eth0 -D


Ok, it might be a typo, but change that "-b" to a "-c".  Also, since snort
picks the 'first' interface, you should be able to remove the "-i eth0".  If
it doesn't, you could also make that a config directive like:

        config interface:  eth0

While testing, I would suggest removing the "-D" from the command line.  That
way you're able to 'see' what errors are popping up.

THis is how the relevant part of my snort.conf looks like:

output alert_syslog: LOG_LOCAL7 LOG_ALERT

output log_tcpdump: snort.log


Looks fine.

See if those changes help any.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Same question again.. C Boss (May 25)
- Re: Same question again.. John Sage (May 25)
- Re: Same question again.. Bamm Visscher (May 25)
- Re: Same question again.. Erek Adams (May 25)
- <Possible follow-ups>
- Re: Same question again.. C Boss (May 29)
  - Re: Same question again.. Erek Adams (May 28)