[Snort-users] Snort won't log

Kevin Breit battery841 at ...506...
Sat Sep 23 16:15:41 EDT 2000


Hi,
	I installed Snort on my FreeBSD box a while ago, and I have been having
a hard time getting Snort to log.

preprocessor portscan: 24.131.191.110/32 3 5 /var/log/snort_portscan.log
var HOME_NET 24.131.191.110/32

The IP addresses are correct.  Snort *is not* sitting on the IP masqing box.
It's on a FBSD box that is being masqed.  I am using the command:
snort -D -c /usr/local/share/snort/snort.kevin
to load Snort.  I noticed that when someone port scanned me, snort -v wasn't
showing any of the portscan packets (I grepped for the person's IP).  However,
when I port scanned from inside the network, it picked up the port scan.  It
gave a false positive (it said an IIS exploit, not a port scan), but we'll figure
that out later.
	Any help would be appreciated.  BTW...twistah at ...93... has been
helping me on this.
	If anyone replies, please place me in the Cc: as I am not subscribed to
this list.
Thanks
kevin
-- 
gpg key: http://www.crosswinds.net/members/~battery841/kevin_breit.gpg


