[Snort-users] please help with solaris problem

loki at ...765... loki at ...765...
Wed Nov 8 13:00:17 EST 2000


Attn fellow snorters--

Need help with the following problem. Maybe someone can clarify for me.. 
I have a Solaris machine with 2 interfaces on it.

hme0 => 192.168.X.X
hme1 => 0.0.0.0 (actual ip)

I have installed snort to replace what is currently being used, ISS
RealSecure. RealSecure was binding to hme1 (0.0.0.0), which this interface
is in promisc. mode. In my snort-lib file, I am specifying for my home_net
to be 0.0.0.0/24  .... is this correct?

I am (NOT) receiving ANY logs from traffic over the wire. This solaris box
is on its own hub off of the firewall on its own network away from the
DMZ. I can't go into detail on the topology by know that RealSecure was
able to capture all traffic from hme1 completely fine. Can someone please
shoot me over what I need to do, whether it be assigning any ip to this
interface, changing my home_net.. anything, please advise.


Loki // f8




More information about the Snort-users mailing list