Re: Snort Just Does Not Want To Work on Shadow Interrface

[Rhugga <snort-list () sandiego420 com>]

Harper, Patrick wrote:

> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
>  
Will someone please find a large heavy cinder block and smash it over my 
head.

Once I got snort reading the interface w/o an IP address it was matching 
rules, I was being tired and lazy and using Acid to determine this. 
(after a 16-hr day and 3 fatening catered meals) I actually have 2 acid 
directories, one that uses my internal sensor database and 1 that uses a 
database for my external sensor. I have the internal IDS off so it was 
not logging anything. I was looking at the internal snort's database  
via acid to see what my external sensor was doing. duh. If I would have 
looked at the raw data stream in the first place like a normal person. 
(sorry, browsers are too easy to ues, =)

Anyway thanks for all the help all, and sorry if I was short with anyone 
just having a ton of bricks dropped on me lately at work and blah ...... 
Im sure everyone here is in the same boat in this economy. Same IT 
workload, 1/3 the people.

Thx,
RHugga





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users