[Snort-users] getting snort going to detect any outside access

Paul Miller paul at ...1054...
Tue Jan 2 14:32:56 EST 2001

I just found snort this morning and have tried it with the standard conf 
file, but it isn't logging anything and I haven't found a "getting started" 
doc which explains how to quickly get up and going.

My setup is a private LAN ( on eth0 and a DSL router/modem 
on eth1. I want to detect *ALL* outside access on eth1. I tried this 
command-line with the complete rules file:

	snort -c snortfull.conf -A full -i eth1 -h -e

But it's not logging anything (even when I ping, ftp, telnet, and sniff 
from a remote machine I have access to).

I'm sure this is a FAQ (although I couldn't find the answer in the snort 
FAQ page), but how can I set it up to detect anything coming from outside 
my home network?

If it matters, eth1 is connected as to a DSL modem, which gets 
its IP dynamically from my ISP.

Thanks for any insight.

Paul T. Miller | paul at ...1054... | http://www.fxtech.com

More information about the Snort-users mailing list