RE: snort not logging to log files..

[Erek Adams <erek () theadamsfamily net>]

On Mon, 22 Apr 2002, Ross Tsolakidis wrote:

> Yes I'm on a switched network...
> The interface I'm on sniffs the main port of entry/exit to the network.  I
> run IPTRAF on that interface and are 100% sure that I see all the traffic
> coming into the network  :)

hehe...  Had to check on some of the simple things just to be on the safe
side.  :)


> I did not edit anything and used the Debian install (apt-get install snort).
> When Debian installs Snort it asks a few questions.
> What interface do you want to listen to ?  (eth0)
> What address range ?   (blah.blah.blah.blah/blah)  ;)
> Do you want root to receive mail ?   (yes)
> So Debian pretty much configures the snort.conf

How about the output of ' grep -v "^#" snort.conf | grep -v "^$" '?

> Debian sets Snort to automatically run.

What command line params does it give to start snort with?

> I've just checked it this morning and I have more blank files in
> /var/log/snort  :)
> Very strange !

Very, very strange.  If you start snort manually with a "snort -vade" do you
see the full packet decode when you run the scan?

> Any ideas ?

Ummmm....  It's the underware gnomes.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users