[Snort-users] Too Quiet
foo_bar_00 at ...131...
Tue Apr 10 23:39:40 EDT 2001
Alright, based on the input from everyone here I have
(i'm running Solaris 2.6 x86):
#elxl0 is external interface
var HOME_NET $elxl0_ADDRESS
var EXTERNAL_NET !$HOME_NET
and then I start snort with:
/usr/local/bin/snort -i elxl0 -d -l /var/log/snortlogs
Yet I get no logs. I tried sending PHF stuff to set
off snort but it didn't catch it, like:
but it didnt' set off anything. It COULD be because I
have a very tight firewall. Will snort see the stuff
the firewall discards if it's listening on the
external port (the machine is running IPF)?
Am I doing something wrong. I used perty much default
snort.conf and all the *.rules files.
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
More information about the Snort-users