Snort mailing list archives
snort alert ip source/Dest changed
From: kinomakino <kinomakino () hotmail com>
Date: Wed, 10 Sep 2014 13:38:58 +0200
As always, thanks for reading I have a problem with an installation of Snort and IP source / destination alerts. The problem is that it changes the source IP to the destination, and vice versa. I think it's been since I've activated "k none", but if not active, detects almost no traffic, just a few rules. I have to say it's a VPS with a nic (eth2) and an alias (eth2: 1). Both IP's are public, but the web server listens on the IP of eth2: 1. Thanks for everything. My snort command is: ./snort --daq --daq pcap-mode passive -i d eth2: 1 c u snort snort -g /etc/snort/snort.conf l / var / log / snort k none
------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort alert ip source/Dest changed kinomakino (Sep 10)