[Snort-users] Snort won't log

Martin Roesch roesch at ...421...
Mon Oct 2 15:07:36 EDT 2000

Yikes, that's an odd way to do packet filtering. Check out the USAGE file for
Snort.  If you want to filter for traffic from a specific host, use the BPF
filtering interface.  For example: 'snort -v host <foo>' where <foo> is the IP
you're interested in.  If Snort doesn't produce anything, it can't see the
traffic from that host and you should make sure it's on the right interface.


Kevin Breit wrote:
> On Sat, Sep 23, 2000 at 02:24:12PM -0700, Dragos Ruiu wrote:
> > Depending on how your masquerade/nat box is configured
> > it should stop the portscans from ever reaching your interior
> > net and thus no alarms on the interior.  Have you tried to
> > look at the data in the "sniffer" mode to verify the packets
> > are there?
> Well, on the Snort box, yes.  I did
> snort -v | grep <whatever the IP was>
> It didn't come up with anything.
> Kevin
> --
> gpg key: http://www.crosswinds.net/members/~battery841/kevin_breit.gpg
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

Martin Roesch
roesch at ...421...

More information about the Snort-users mailing list