Re: (no subject)

[Jason Benway <benwaynet () gmail com>]

Thank you, I had to change the alertmode=fast to alertmode=

from /var/sysconfig/snort to remove the --A

now I get 

 snort      386     1 20 14:58 ?        00:00:02 /usr/sbin/snort -b -d
-D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort/eth0
snort      392     1 20 14:58 ?        00:00:02 /usr/sbin/snort -b -d
-D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort/eth1

I'll watch base to see if I get any new data.

thank you
jb

On 8/1/05, Jason Brvenik <jasonb () sourcefire com> wrote:
> The problem is that snort is being started with -A fast which will
> override any configured outputs in snort.conf
>
> You need to remove --A fast from the startup script and all should work
> fine.
>
>
> Jason Benway wrote:
>
> > snort    32082     1  3 04:02 ?        00:21:39 /usr/sbin/snort -A
> > fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
> > /var/log/snort/eth0
> > snort    32088     1  3 04:02 ?        00:20:36 /usr/sbin/snort -A
> > fast -b -d -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l
> > /var/log/snort/eth1
> > root     32741 32334  0 14:48 pts/0    00:00:00 grep snort
> >
> >
> > On 8/1/05, Jason Brvenik <jasonb () sourcefire com> wrote:
> >
> >
> > > ps -efwww | grep snort
> > >
> > > what command line do you start snort with?


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users