[Snort-users] Too Quiet

Phil foo_bar_00 at ...131...
Tue Apr 10 23:39:40 EDT 2001


Alright, based on the input from everyone here I have
(i'm running Solaris 2.6 x86):

#elxl0 is external interface
var HOME_NET $elxl0_ADDRESS
var EXTERNAL_NET !$HOME_NET

and then I start snort with:
/usr/local/bin/snort -i elxl0 -d -l /var/log/snortlogs
-c /etc/snort/snort.conf
-s -D

Yet I get no logs. I tried sending PHF stuff to set
off snort but it didn't catch it, like:
myip/test/phf?blah/

but it didnt' set off anything. It COULD be because I
have a very tight firewall. Will snort see the stuff
the firewall discards if it's listening on the
external port (the machine is running IPF)?

Am I doing something wrong. I used perty much default
snort.conf and all the *.rules files.

Thanks,
Phil


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/




More information about the Snort-users mailing list