[Snort-users] getting snort going to detect any outside access

Paul Miller paul at ...1054...
Tue Jan 2 14:32:56 EST 2001


I just found snort this morning and have tried it with the standard conf 
file, but it isn't logging anything and I haven't found a "getting started" 
doc which explains how to quickly get up and going.

My setup is a private LAN (192.168.1.0/24) on eth0 and a DSL router/modem 
on eth1. I want to detect *ALL* outside access on eth1. I tried this 
command-line with the complete rules file:

	snort -c snortfull.conf -A full -i eth1 -h 192.168.1.0/24 -e

But it's not logging anything (even when I ping, ftp, telnet, and sniff 
from a remote machine I have access to).

I'm sure this is a FAQ (although I couldn't find the answer in the snort 
FAQ page), but how can I set it up to detect anything coming from outside 
my home network?

If it matters, eth1 is connected as 192.168.0.2 to a DSL modem, which gets 
its IP dynamically from my ISP.

Thanks for any insight.

--
Paul T. Miller | paul at ...1054... | http://www.fxtech.com




