[Snort-users] Snort won't log
battery841 at ...506...
Sat Sep 23 16:15:41 EDT 2000
I installed Snort on my FreeBSD box a while ago, and I have been having
a hard time getting Snort to log.

    preprocessor portscan: 22.214.171.124/32 3 5 /var/log/snort_portscan.log
    var HOME_NET 126.96.36.199/32

The IP addresses are correct. Snort *is not* sitting on the IP masqing box.
It's on a FBSD box that is being masqed. I am using the command:

    snort -D -c /usr/local/share/snort/snort.kevin

to load Snort. I noticed that when someone port scanned me, snort -v wasn't
showing any of the portscan packets (I grepped for the person's IP). However,
when I port scanned from inside the network, it picked up the port scan. It
gave a false positive (it said an IIS exploit, not a port scan), but we'll figure
that out later.
Any help would be appreciated. BTW...twistah at ...93... has been
helping me on this.
If anyone replies, please place me in the Cc: as I am not subscribed to
gpg key: http://www.crosswinds.net/members/~battery841/kevin_breit.gpg