Re: subnet alerting problem

["Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>]

Hello,

Are you spanning all network traffic or running snort inline? If not.. snort isn’t seeing all of the traffic on your 
network.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>


From: Snort-users <snort-users-bounces () lists snort org> on behalf of basan via Snort-users <snort-users () lists 
snort org>
Reply-To: basan <basan_j () hotmail com>
Date: Wednesday, January 23, 2019 at 7:46 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] subnet alerting problem

Hello,
I recently downloaded and installed snort3 on ubuntu 18, it is working fine but it gives me alert only for its 
interface IP address, although I have used the entire subnet range for the HOME_NET in the snort.lua configuration. Is 
there a way that snort can give me alert for all the hosts in the HOME_NET range addresses?

Below is the command that I use to run snort:
snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules \-i ens5 -A alert_fast -s 65535 -k 
none

Thanks,
Basan

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette