[Snort-users] getting snort going to detect any outside access
paul at ...1054...
Tue Jan 2 14:32:56 EST 2001

I just found snort this morning and have tried it with the standard conf
file, but it isn't logging anything and I haven't found a "getting started"
doc which explains how to quickly get up and going.

My setup is a private LAN (192.168.1.0/24) on eth0 and a DSL router/modem
on eth1. I want to detect *ALL* outside access on eth1. I tried this
command-line with the complete rules file:

    snort -c snortfull.conf -A full -i eth1 -h 192.168.1.0/24 -e

But it's not logging anything (even when I ping, ftp, telnet, and sniff
from a remote machine I have access to).

I'm sure this is a FAQ (although I couldn't find the answer in the snort
FAQ page), but how can I set it up to detect anything coming from outside
my home network?

If it matters, eth1 is connected as 192.168.0.2 to a DSL modem, which gets
its IP dynamically from my ISP.

Thanks for any insight.

Paul T. Miller | paul at ...1054... | http://www.fxtech.com