Snort mailing list archives
Re: snort and slackware..(logging question)
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 27 Jun 2002 17:40:05 -0400
Well, your question is pretty much impossible to answer without some more information, so before someone can answer you, they'll need this kind of information:
1) what output (aka logging) options are you using in your snort.conf? The exact lines from your snort.conf pertaining to output, paths replaced with xxx if you feel the need, would be most helpful.
2) where are you checking for "logged" information? (if you answered /var/log/messages and did not answer "alert_syslog" above, read up on snort some more and try finding your alerts file)
3) what snort version are you running?
4) when you started snort with -v did you also specify the same command line pcap filter?
5) did you specifically see any ALERTS when using -v?
6) when using snort without -v what did you do to try to trigger snort to log something?
At 11:43 PM 6/27/2002 +0300, radus wrote:
Hello!
I am sorry to bother you all, I posted on the forum and nobody answered so I thought I should come to you.
I use slackware 8.1 and I tried to install snort, everything was ok, I got the latest libcap to be sure. As I started it as I usually did on my other linux box:
/usr/local/bin/snort -i eth0 -d -c /path/to/snort.conf not src net x.y.z.u and dst port 80
where x.y.z.u is my ip, and smth weird happened, nothing was logged.
So I used the -v and I saw that snort worked, but here I dunno what could be the problem....
I think maybe it does not match any rule with the packets I receive ... but I could be wrong...
If you could give me a solution I would be more than thankful
Radu
-------------------------------------------------------
Sponsored by: ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
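An added example, not part of the original thread: a shell helper for questions 1 and 2 in the reply above. It lists the active `output` lines of a snort.conf and reports whether `alert_syslog` is among them, which decides whether /var/log/messages is the right place to look. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the snort project).

# Print every uncommented "output <plugin>[: args]" line of the given config.
snort_output_lines() {
    grep -E '^[[:space:]]*output[[:space:]]+[A-Za-z_]+' "$1" 2>/dev/null
}

# Print "syslog" if an active alert_syslog line exists, else "alert-file".
snort_alert_destination() {
    if snort_output_lines "$1" |
        grep -Eq '^[[:space:]]*output[[:space:]]+alert_syslog([[:space:]]|:|$)'; then
        echo "syslog"
    else
        echo "alert-file"
    fi
}

# Summarise what to quote on the list (question 1) and where to look (question 2).
snort_logging_report() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    echo "Active output directives in $conf:"
    snort_output_lines "$conf" | sed 's/^[[:space:]]*/  /'
    case $(snort_alert_destination "$conf") in
        syslog) echo "alert_syslog is set: check the syslog file (e.g. /var/log/messages)." ;;
        *)      echo "alert_syslog is not set: look for snort's alerts file, not /var/log/messages." ;;
    esac
}

# With a path argument, report on that file; otherwise run on a constructed sample.
if [ -n "$1" ]; then
    snort_logging_report "$1"
else
    sample=$(mktemp)
    printf '%s\n' '# output alert_syslog: LOG_AUTH LOG_ALERT' \
                  'output alert_fast: alert.fast' > "$sample"
    snort_logging_report "$sample"
    rm -f "$sample"
fi
```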
Current thread:
- snort and slackware.. radus (Jun 27)
- Re: snort and slackware..(logging question) Matt Kettler (Jun 27)