[Snort-users] snort isn't doing anything

Emre root at ...536...
Fri Sep 29 14:59:52 EDT 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello folks,

This is my first post on snort-users, so bear with me :)
I installed snort on my firewall/NAT box a couple of days ago, and have been struggling
ever since to get it to work correctly.  The OS is OpenBSD 2.7, I've turned off
ipfilter, so right now it's just a normal box without any firewalling.  Snort
compiled fine and installed okay (except that I had to manually create
/var/log/snort).  Here is what I use to start snort:

snort -c /etc/snort.rules -i xl0 -l /var/log/snort -A full -v -D

When I try to test snort, and see if it's even detecting any activity, nothing
gets logged to /var/log/snort/alert.  I tried portscanning, connecting to POP3,
trying the qpopper exploits, and asked friends to try something.  But snort
logs nothing, or doesn't 'alert' at all.  When I take out -D and add -v for
verbose, I can see traffic and such, so I'm sure it can see traffic passing
through my ethernet.  I got the rule set from "Rules Database" from snort.org (I
got about 800 rules, just for testing purposes).  Does anyone know why this is
happening?  Any help is much appreciated...

Cheers,
Emre

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Fingerprint = 4FAF 6F70 B407 08AE 86EF AC0E 130E 932C 69C2 B37B

iQA/AwUBOdTocxMOkyxpwrN7EQKpKACeOLkilrym58GKiFhlzatcF/fnUpMAoJJB
2ZIJRz3l8VVZ74sMB18QCByY
=qanh
-----END PGP SIGNATURE-----


