Clarification of inbound only logging issue.

["njharris" <njharris () mindspring com>]

O.K. Thanks. It was 1:30 A.M. and I'm a little tired. This should be a little clearer. 

I have set up a second instance of snort to log packets to a mysql database.Everything works fine , except it only sees 
the 
inbound packets. The rule is "log any any any -> any any" , I even tried "log tcp $HOME_NET any -> $EXTERNAL_NET any", 
and it still only logs inbound packets. This is the only rule in the rule base. Snort.conf has been deleted of all 
others. 
My $HOME_NET 10.10.10.0/24
$EXTERNAL_NET !$HOME_NET

When the process is cancelled, snort reports that it logged all packets.

Any help is very appreciated,
Nick Harris
CTO
TNS