[Snort-users] Snort won't log

Martin Roesch roesch at ...421...
Mon Oct 2 15:07:36 EDT 2000


Yikes, that's an odd way to do packet filtering. Check out the USAGE file for
Snort.  If you want to filter for traffic from a specific host, use the BPF
filtering interface.  For example: 'snort -v host <foo>' where <foo> is the IP
you're interested in.  If Snort doesn't produce anything, it can't see the
traffic from that host and you should make sure it's on the right interface.

    -Marty

Kevin Breit wrote:
> 
> On Sat, Sep 23, 2000 at 02:24:12PM -0700, Dragos Ruiu wrote:
> > Depending on how your masquerade/nat box is configured
> > it should stop the portscans from ever reaching your interior
> > net and thus no alarms on the interior.  Have you tried to
> > look at the data in the "sniffer" mode to verify the packets
> > are there?
> Well, on the Snort box, yes.  I did
> snort -v | grep <whatever the IP was>
> It didn't come up with anything.
> Kevin
> --
> gpg key: http://www.crosswinds.net/members/~battery841/kevin_breit.gpg
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org


