[Snort-users] Can see any log message from snort !!
billp at ...400...
Fri Jan 5 00:32:08 EST 2001
You might want to double check your HOME_NET setting, this is the
problem 9 times out of 10. I am not familiar with the ruleset you are
using but you want to check for an entry like:

    preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan

If you want to send me an e-mail privately with your IP network settings
and such I might be able to assist you more.
Kevin LEE wrote:
> I am a newbie to snort and I try to download the latest fullset rules
> I modify the HOME_NET variable to my ip system address and create a
> under /var/log/snort.
> I run the following command to start snort as daemon.
> snort -A fast -c /etc/snort.rules -D
> where snort.rules is file I download from www.snort.org
> I try to run nmap on my machine for testing as follows:
> nmap -v <ip_address of my host machine>
> File snort.alert is created in the /var/log/snort directory with zero
> Did I miss any option in the snort command ?? What is the actual problem
> Kevin LEE Tel: +61 3 8371 5300
> Software Architect Direct: +61 3 8371 5378
> eSec Limited Fax: +61 3 8371 5399
> "Protecting Your e-Business" Web: http://www.esec.com.au
Bill Pennington - CISSP
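
The HOME_NET and portscan check suggested in the reply above can be automated. This is an added example, not code from the thread or from the Snort project; the sample config, the `var INTERNAL` line and all addresses are constructed, and it assumes the Snort 1.x `var NAME value` syntax.

```python
import ipaddress
import re

# Constructed sample config in Snort 1.x syntax (not the poster's real file).
SAMPLE_CONF = """\
var HOME_NET 192.168.10.0/24
var INTERNAL $HOME_NET
preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan
"""

def parse_vars(conf):
    """Collect 'var NAME value' lines into a dict."""
    return dict(re.findall(r"^\s*var\s+(\w+)\s+(\S+)", conf, re.M))

def resolve(value, variables, depth=0):
    """Expand $NAME references and return a list of networks ('any' = everything)."""
    if depth > 8:
        raise ValueError("variable reference loop")
    nets = []
    for item in value.strip("[]").split(","):
        item = item.strip()
        if item.startswith("$"):
            name = item[1:]
            if name not in variables:
                raise KeyError(f"undefined variable ${name}")
            nets += resolve(variables[name], variables, depth + 1)
        elif item.lower() == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        else:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def check(conf, host_ip):
    """Return a list of problems that would explain an empty alert file."""
    problems = []
    variables = parse_vars(conf)
    host = ipaddress.ip_address(host_ip)
    if "HOME_NET" not in variables:
        problems.append("HOME_NET is not defined")
    elif not any(host in n for n in resolve("$HOME_NET", variables)):
        problems.append(f"{host} is outside HOME_NET ({variables['HOME_NET']})")
    m = re.search(r"^\s*preprocessor\s+portscan:\s*(\S+)", conf, re.M)
    if not m:
        problems.append("no 'preprocessor portscan:' entry")
    elif not any(host in n for n in resolve(m.group(1), variables)):
        problems.append(f"{host} is outside the portscan network {m.group(1)}")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_CONF, "192.168.10.5") or "config looks consistent")
```

Pass the contents of the real rules file and the address of the host being scanned to `check()`; an empty list means the variables at least cover that host.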