Snort mailing list archives

Re: Nothing written to logfiles


From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 15 Jun 2004 10:24:00 -0500

--On Tuesday, June 15, 2004 05:14:10 PM +1000 James Sinnamon <jaymz () bigpond net au> wrote:

> Dear snort developers and users,
>
> I am not getting anything written to my log files.

What happens when you run snort from the commandline? Do you see alerts scrolling across the screen like you do if you use tcpdump?

> I have scanned my own host from a separate Internet connection:
>
> sleepyhollow:sinnamon$nmap -p 21,22,80,443 144.136.251.208

What happens when you scan it with nessus?

> greenhouse:/etc/init.d# ps auxwww | grep snort
> snort   2030  0.9  3.6 36732 33164 ?     Rs   16:57   0:00
> /usr/sbin/snort \  -m 027 -D -c /etc/snort/snort.conf -l /var/log/snort
> -d -u snort -g snort \ -O -S HOME_NET=[192.168.0.0/24] -i eth0

First of all, you've defined HOME_NET in your snort conf file. No need to define it on the commandline, plus the way you've done it is meaningless and *should* be generating an error. Have you looked in the messages file for errors when you try to start snort?

snort HOME_NET=[129.110.0.0/16]
Running in IDS mode with inferred config file: /usr/local/etc/snort.conf
Log directory = /var/log/snort

Initializing Network Interface xl0
OpenPcap() device xl0 network lookup:
       xl0: no IPv4 address assigned
ERROR: OpenPcap() FSM compilation failed:
       syntax error
PCAP command: HOME_NET=[129.110.0.0/16]
Fatal Error, Quitting..

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
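
An added example, not part of the original message or of Snort itself: a Python check that splits a Snort command line into `-S name=value` rule variables and the trailing tokens Snort hands to pcap as a filter expression, which is where the bare `HOME_NET=[...]` in the output above ended up. The option table covers only the flags in the command quoted in this thread, the stop-at-first-non-flag parsing is a simplification, and the function names and sample command lines are constructed for illustration.

```python
import re
import shlex

# Assumption: option table limited to the flags in the command shown on this
# page; True means the flag consumes the next token as its argument.
SNORT_OPTS = {"-m": True, "-D": False, "-c": True, "-l": True, "-d": False,
              "-u": True, "-g": True, "-O": False, "-S": True, "-i": True}

ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


def split_snort_argv(cmdline):
    """Return (rule_vars, bpf_tokens, unknown_flags) for a snort command line.

    Simplified model (assumption): option parsing stops at the first token
    that is not a flag, and everything from there on is the filter
    expression handed to pcap.
    """
    tokens = shlex.split(cmdline)[1:]  # drop the program name
    rule_vars, unknown = {}, []
    i = 0
    while i < len(tokens) and tokens[i].startswith("-"):
        flag = tokens[i]
        if flag not in SNORT_OPTS:
            unknown.append(flag)
        elif SNORT_OPTS[flag]:
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            if flag == "-S":  # -S name=value sets a rules-file variable
                name, _, val = value.partition("=")
                rule_vars[name] = val
            i += 1
        i += 1
    return rule_vars, tokens[i:], unknown


def misplaced_assignments(cmdline):
    """Filter tokens that look like NAME=value and will not compile as BPF."""
    _, bpf, _ = split_snort_argv(cmdline)
    return [t for t in bpf if ASSIGNMENT.match(t)]


# Constructed sample command lines, modelled on the ones in this thread.
BARE = "snort -c /etc/snort/snort.conf -i eth0 HOME_NET=[192.168.0.0/24]"
WITH_S = "snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/24] -i eth0"

if __name__ == "__main__":
    for cmd in (BARE, WITH_S, "snort -i eth0 not port 22"):
        print(cmd, "->", misplaced_assignments(cmd) or "no misplaced assignment")
```

Because `-D` detaches Snort from the terminal, a start-up failure of this kind is only visible in the system log, so running the same check against the init script's command line before daemonizing catches it earlier.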

