Snort mailing list archives

No alerts?


From: "Russell Packer" <russell.packer () arnoldinteractive com>
Date: Thu, 8 Jan 2004 13:38:34 -0000

Hi all,

Only just started with Snort, and I'm a little puzzled as to why I'm not seeing any alerts...

I'm running all Linux, and have this setup:

Box1 -- Box2 -- Box3

Box2 is running iptables and snort, and has 2 NICs. Everything works cool, apart from I don't see any Snort alerts.


I think the two most relevant parts from my snort.conf are:

1.) Sending the alerts to the syslog
output alert_syslog: LOG_AUTH LOG_ALERT

2.) My test rules:
include $RULE_PATH/test.rules

test.rules contains:

alert tcp any any -> any any (msg:"TCP traffic";)

Snort is started with -D -c /etc/snort/snort.conf and shows up in the process list.

In theory, any tcp traffic should generate an alert in the syslog, yes?

So I FTP from Box1 to Box3 and connect OK, which should generate an alert, yes? Unfortunately, I get nothing.

Any help much appreciated.
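
An added example, not part of the original post: a small Python model of how a classic syslog.conf routes the LOG_AUTH / LOG_ALERT messages produced by the `output alert_syslog` line quoted above, useful for checking which file to look in. The two config samples are constructed, and the selector handling is a simplified model of sysklogd-style syntax (no `!` negation, no priority aliases).

```python
# Added example: which syslog.conf actions receive a given facility/severity?
# Simplified model of sysklogd-style selectors ("!" and aliases not handled).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

def pri(facility, severity):
    """PRI value sent with the message: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def matches(selectors, facility, severity):
    """Evaluate 'fac[,fac].level[;...]' left to right as a severity bitmask."""
    mask = 0
    for sel in selectors.split(";"):
        facs, _, level = sel.strip().rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue                      # selector names other facilities
        if level == "none":
            mask = 0                      # explicit exclusion resets the mask
        elif level == "*":
            mask = 0xFF
        elif level.startswith("="):
            mask |= 1 << SEVERITIES[level[1:]]          # exactly this level
        else:
            mask |= (1 << (SEVERITIES[level] + 1)) - 1  # this level and worse
    return bool(mask & (1 << SEVERITIES[severity]))

def destinations(conf, facility, severity):
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selectors, action = line.split(None, 1)
            if matches(selectors, facility, severity):
                out.append(action.lstrip("-"))   # "-" only disables fsync
    return out

# Constructed sample configs (typical layouts, not taken from the post).
CONF_A = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
*.emerg                                     *
"""
CONF_B = """\
auth,authpriv.*             /var/log/auth.log
*.*;auth,authpriv.none      -/var/log/syslog
"""
```

With these constructed configs, `destinations(CONF_A, "auth", "alert")` resolves to /var/log/messages rather than /var/log/secure, because `auth` and `authpriv` are distinct facilities.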

