[Snort-users] Can't get alerts to log or to work..

Snort Mail List snort at ...360...
Mon Aug 21 15:22:12 EDT 2000


I'm using Debian 2.2.17 - my Snort command line is "snort -d -b -s -c /snort.cfg"

Snort.cfg is the "ping" rules created from snort.org's rules database.

I verified that the "preprocessor portscan: 172.16/16 3 5 /var/log/snort_portscan.log" is correct.

I verified that the "var HOME_NET 172.16.1.30/32" is correct.

I'm just trying to test out Snort's alerts feature. When I ping 172.16.1.30, I get a file called: /var/log/snort/snort-0821 at ...361... (which I assume is the tcpdump raw file).

However, I don't get any alerts in my /var/log/messages.  Nor any place else that I can see.

What might I be doing wrong? What is the difference between the "alert" and the "log" header function when creating a rule?



