[Snort-users] snort isn't doing anything
joey at ...155...
Fri Sep 29 20:22:51 EDT 2000
This is a common mistake with snort beginners (I did the same thing).
When you use -D, alerts are logged to /var/log/snort.alert. I'm not
aware of a way to override this. Your specified logging directory
should still have the source address directories of the hosts that
produced the alerts.
> Hello folks,
> This is my first post on snort-users, so bear with me :)
> I've installed snort on my firewall/NAT box a couple of days ago, and have been struggling
> ever since to get it to work correctly. The OS is OpenBSD 2.7, I've turned off
> ipfilter, so right now it's just a normal box without any firewalling. Snort
> compiled fine and installed okay (except that I had to manually create
> /var/log/snort). Here is what I use to start snort:
> snort -c /etc/snort.rules -i xl0 -l /var/log/snort -A full -v -D
> When I try to test snort, and see if it's even detecting any activity, nothing
> gets logged to /var/log/snort/alert. I tried portscanning, connecting to POP3,
> trying the qpopper exploits, and asked friends to try something. But snort
> logs nothing, or doesn't 'alert' at all. When I take out -D and add -v for
> verbose, I can see traffic and such, so I'm sure it can see traffic passing
> through my ethernet. I got the rule set from "Rules Database" from snort.org (I
> got about 800 rules, just for testing purposes). Does anyone know why this is
> happening? Any help is much appreciated...