[Snort-sigs] (no subject)

Simon Blixt blixten_496 at ...12...
Sat Apr 21 08:52:42 EDT 2012


I am new to Snort and just managed to set up v. 2.9.2 on Ubuntu 10.04. I have now created my own simple rule, just to try out my setup. It looks like this:
alert tcp any any -> any any (content:"www.uid11.local""; msg:"First rule test"; sid: 132321;)

And I run snort like this:
/usr/local/lib/snort/bin/snort -u snort -g snort -c /usr/local/lib/snort/etc/snort.conf -i eth1

But it doesn't work! Nothing happens. After I've hit CTRL+C I see that it has controlled xxx packets, but nothing more, no drops, alerts etc.

My server running Snort got two interfaces, eth0 and eth1. eth0 got IP and eth1 got

I got a webserver on the network with IP And I have a client on with IP
To make it possible for my client to reach the webserver I've activated IPv4-forwarding in /etc/sysctl.conf on the server running Snort.
So the client got as its default gateway, and the webserver

So my topology looks like this:

What else do you need to know? I need your help to figure out what my noobish head doesn't understand.

Thank you in advance!