Snort mailing list archives
Re: Snort 2.0 not logging any alerts
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 30 Apr 2003 18:53:03 -0400
At 05:35 PM 4/30/2003 -0400, stormshadow wrote:
snort -dev -l log -h 192.168.1.0/24 -c snort.conf from root directory. I created a /log within this directory for snort. Snort isn't logging anything to the "alert" file in the /log
In this mode, it won't.. you've not daemonized snort so it will run in interactive mode all the alerts will be logged to standard out. You'll need to specify -D to daemonize snort if you want it to detach from your current session and log to /var/log/snort
I run snort again, I open up another shell and do: tail -f /var/log/snort/alert. I then nmap the snort machine but no logs show up!
Well, if the above isn't the crux of your problem you left out a lot of information about your setup and the test you performed that might be useful
What is HOME_NET and EXTERNAL_NET set to in your snort.conf? (note that -h on the command line does no serve the same function as var HOME_NET
Is the source of the nmap scan in either of these ranges?Is the snort machine itself (ie: target of the nmap) in either of these ranges?
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.0 not logging any alerts stormshadow (Apr 30)
- Re: Snort 2.0 not logging any alerts Matt Kettler (Apr 30)