[Snort-users] Snort won't log

Kevin Breit battery841 at ...506...
Sat Sep 23 16:15:41 EDT 2000

	I installed Snort on my FreeBSD box a while ago, and I have been having
a hard time getting Snort to log.

preprocessor portscan: 3 5 /var/log/snort_portscan.log

The IP addresses are correct.  Snort *is not* sitting on the IP masqing box.
It's on a FBSD box that is being masqed.  I am using the command:
snort -D -c /usr/local/share/snort/snort.kevin
to load Snort.  I noticed that when someone port scanned me, snort -v wasn't
showing any of the portscan packets (I grepped for the person's IP).  However,
when I port scanned from inside the network, it picked up the port scan.  It
gave a false positive (it said a IIS exploit, not a port scan), but we'll figure
that out later.
	Any help would be appreciated.  BTW...twistah at ...93... has been
helping me on this.
	If anyone replies, please place me in the Cc: as I am not subscribed to
this list.
gpg key: http://www.crosswinds.net/members/~battery841/kevin_breit.gpg

More information about the Snort-users mailing list