[Snort-users] it's working. I think...

Martin Roesch roesch at ...421...
Mon Nov 27 00:30:47 EST 2000


Snort isn't running, your ps|grep is just seeing the "grep" part being
executed.  You should definitely be seeing something in the log
files/alerts...

Ok, things to do:

1) download snort-1.6.3-patch2 from http://www.snort.org or
http://snort.sourceforge.net and build/install it
2) Tell us what command line you're using with it
3) Tell us how you setup your rules file

    -Marty

curt wrote:
> 
> I'd normally think that no news is good news, but my logs are empty and
> I'm a little suspicious....
> 
> If I
> 
> curt at ...856...:~ > ps -ax|grep snort
> 
> I get:
> 
> 2840 pts/0    S      0:00 grep snort
> curt at ...856...:~ >
> 
> which looks good.  When I run the on-line shield probe at
> 
> http://www.dslreports.com/tools
> 
> it mostly returns no open ports (UDP or TCP) other than the odd UDP port
> 67 or 68 open.  But I think I ought to see something in the logs for the
> pings, and I'm not.  Is there another test that I can use to verify
> functionality?
> 
> TIA,
> 
> curt
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list