Snort is not seeing all traffic...

[PJ-ML <p.jones.ml () xsb com>]

Hello all.
Just completed a new install. Snort 2.0, RH9 with mysql and acid on a 
server that is 347MHz with 256 MB ram.
(I would like to consider myself learned, but often find that my lack of 
experience places me in the newb category)

 I ran some exploits on the snort server and acid reported them. I ran the 
same exploits on a server in the same sub-net and acid does not report any 
of this. I looked at the alert file in /var/log/snort and nothing regarding 
the exploits run against the other server are there. I am confused. I 
specified my HOME_NET, for example 10.25.1.0/24... The snort server is 
10.24.1.24 and the server I also ran exploits on is 10.25.1.20.

The ethernet link to hub and to other parts of the network are all 100. 
Could it be the speed of the server? I am lost in fog. Not sure where to 
go, I know that I must tune the server...but I do not know what to tune if 
it is not seeing even purposeful exploits...I will be more than happy  to 
give any more info that anyone requires to help me figure this out except 
for  the root password to my machine ;-)

Thanks everyone.

~PJ



-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users