Snort mailing list archives

Snort only catches one address and it doesn't exist


From: Trevor Cushen <trevor () sysnet ie>
Date: 14 Aug 2002 16:14:08 +0100


Hello to all,

Strange one that I am hoping one of you can answer.  I have set up snort
several times but this time it's acting funny.

Running on Linux, latest version.

When the snort.conf file says go to database it was sending everything
to screen.  When run with the -D option it ran perfectly, as in no screen
and all to database.

But when I look in the database all the events are for one IP address.
The strange thing is that the IP address is the right range or class for
the machines on my DMZ where snort is but none of the machines have that
address and there is no NAT in place that would give that address, not
even a DHCP.
Nothing else is showing up even after sending test data that should
raise events.  All connected to a hub, no switching.  The other boxes
are NT web servers.

The same config was tested fully on another site with no problems.

Any ideas???

Many thanks in advance
Trevor




