[Snort-users] Can't get alerts to log or to work..
Snort Mail List
snort at ...360...
Mon Aug 21 15:22:12 EDT 2000
I'm using Debian 2.2.17 - my Snort command line "snort -d -b -s -c /snort.cfg"
Snort.cfg is the "ping" rules created from snort.org's rules database.
I verified that the "preprocessor portscan: 172.16/16 3 5 /var/log/snort_portscan.log" is correct.
I verified that the "var HOME_NET 172.16.1.30/32" is correct
I'm just trying to test out Snort's alerts feature. When I ping 172.16.1.30, I get a file called: /var/log/snort/snort-0821 at ...361... (which I assume is the tcpdump raw file)
However, I don't get any alerts in my /var/log/messages. Nor any place else that I can see.
What might I be doing wrong? What is the difference between the "alert" and the "log" header function when creating a rule?