Snort mailing list archives

Re: Snort 2.0 not logging any alerts


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 30 Apr 2003 18:53:03 -0400

At 05:35 PM 4/30/2003 -0400, stormshadow wrote:
> snort -dev -l log -h 192.168.1.0/24 -c snort.conf
> from root directory. I created a /log within this directory for snort.
> Snort isn't logging anything to the "alert" file in the /log

In this mode, it won't. You've not daemonized snort, so it will run in interactive mode and all the alerts will be logged to standard out. You'll need to specify -D to daemonize snort if you want it to detach from your current session and log to /var/log/snort.

> I run snort again, I open up another shell and do:
> tail -f /var/log/snort/alert. I then nmap the snort machine but no logs
> show up!


Well, if the above isn't the crux of your problem, you left out a lot of information about your setup and the test you performed that might be useful.


What is HOME_NET and EXTERNAL_NET set to in your snort.conf? (Note that -h on the command line does not serve the same function as var HOME_NET.)

Is the source of the nmap scan in either of these ranges?

Is the snort machine itself (i.e., target of the nmap) in either of these ranges?
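
The three questions in the message above can be answered mechanically from the `var` lines of a snort.conf. The following Python is an added example, not part of the original message or of Snort; it assumes rules with the header `$EXTERNAL_NET any -> $HOME_NET any`, and the configs and addresses in it are constructed samples.

```python
import ipaddress

def load_vars(conf_text):
    """Collect 'var NAME value' lines from snort.conf text."""
    variables = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 2)
        if len(parts) == 3 and parts[0] == "var":
            variables[parts[1]] = parts[2].strip()
    return variables

def addr_matches(ip, spec, variables):
    """True if ip falls inside an address spec (any, CIDR, [list], !negation, $VAR)."""
    spec = spec.strip()
    if spec.startswith("!"):
        return not addr_matches(ip, spec[1:], variables)
    if spec.startswith("$"):
        return addr_matches(ip, variables[spec[1:]], variables)
    if spec == "any":
        return True
    if spec.startswith("[") and spec.endswith("]"):
        return any(addr_matches(ip, s, variables) for s in spec[1:-1].split(","))
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def diagnose(conf_text, scanner_ip, sensor_ip):
    """Answer the three questions for one scanner -> sensor test."""
    v = load_vars(conf_text)
    result = {
        "scanner_in_home": addr_matches(scanner_ip, "$HOME_NET", v),
        "scanner_in_external": addr_matches(scanner_ip, "$EXTERNAL_NET", v),
        "sensor_in_home": addr_matches(sensor_ip, "$HOME_NET", v),
        "sensor_in_external": addr_matches(sensor_ip, "$EXTERNAL_NET", v),
    }
    # Assumed rule header: alert tcp $EXTERNAL_NET any -> $HOME_NET any
    result["header_matches"] = result["scanner_in_external"] and result["sensor_in_home"]
    return result

# Constructed sample configs and addresses (not from the original post).
CONF_NEGATED = "var HOME_NET 192.168.1.0/24\nvar EXTERNAL_NET !$HOME_NET  # outside only\n"
CONF_ANY = "var HOME_NET 192.168.1.0/24\nvar EXTERNAL_NET any\n"

if __name__ == "__main__":
    for name, conf in (("negated", CONF_NEGATED), ("any", CONF_ANY)):
        for scanner in ("192.168.1.50", "10.0.0.5"):
            print(name, scanner, diagnose(conf, scanner, "192.168.1.10"))
```

With EXTERNAL_NET defined as `!$HOME_NET`, a scan launched from inside HOME_NET never satisfies that rule header, so a test scan from the same subnet produces no alerts even when logging is working.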

