[Snort-users] Too Quiet

Brian Caswell bmc at ...312...
Wed Apr 11 00:57:04 EDT 2001


Phil wrote:
> 
> Alright, based on the input from everyone here I have
> (i'm running Solaris 2.6 x86):
> 
> #elxl0 is external interface
> var HOME_NET $elxl0_ADDRESS
> var EXTERNAL_NET !$HOME_NET
> 
> and then I start snort with:
> /usr/local/bin/snort -i elxl0 -d -l /var/log/snortlogs
> -c /etc/snort/snort.conf
> -s -D
> 
> Yet I get no logs. I tried sending PHF stuff to set
> off snort but it didn't catch it, like:
> myip/test/phf?blah/

Well, that should still work just fine.  Are you sure you are doing the
phf attack from EXTERNAL_NET?

Make sure you check syslog since you are telling snort to log things
there.

-brian




More information about the Snort-users mailing list