[Snort-users] Can see any log message from snort !!

Bill Pennington billp at ...400...
Fri Jan 5 00:32:08 EST 2001


You might want to double check your HOME_NET setting; this is the
problem 9 times out of 10. I am not familiar with the ruleset you are
using but you want to check for an entry like:

preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan

If you want to send me an e-mail privately with your IP network settings
and such I might be able to assist you more.

Kevin LEE wrote:
> 
> Hi:
> 
>     I am a newbie to snort and I try to download the latest fullset
> rules file.
> 
> I modify the HOME_NET variable to my ip system address and create a
> directory under /var/log/snort.
> 
> I run the following command to start snort as daemon.
> 
> snort -A fast -c /etc/snort.rules -D
> 
> where snort.rules is the file I downloaded from www.snort.org
> 
> I try to run nmap on my machine for testing as follows:
> 
> nmap -v <ip_address of my host machine>
> 
> File snort.alert is created in the /var/log/snort directory with zero
> bytes.
> 
> Did I miss any option in the snort command ?? What is the actual
> problem ??
> 
> --
> Kevin LEE                       Tel:         +61 3 8371 5300
> Software Architect              Direct:      +61 3 8371 5378
> eSec Limited                    Fax:         +61 3 8371 5399
> "Protecting Your e-Business"    Web:         http://www.esec.com.au
> 

-- 


Bill Pennington - CISSP
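
Added example (not part of the original message, and not Snort's own code): a small checker for the two things the reply says to look at, namely whether HOME_NET contains the scanned host and whether a "preprocessor portscan:" entry exists and points at a network containing it. The names check_config and covers, the sample addresses, and the assumption that each variable holds a single address, a CIDR block or "any" are all made up for illustration.

```python
import ipaddress
import re

# Constructed sample in the Snort 1.x rules-file style quoted in the thread.
# Addresses are made up; HOME_NET and INTERNAL deliberately disagree.
SAMPLE_CONF = """\
# local settings
var HOME_NET 192.168.10.15/32
var INTERNAL 10.0.0.0/8
preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan
"""

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
SCAN_RE = re.compile(r"^\s*preprocessor\s+portscan:\s*(\S+)")


def covers(value, host_ip):
    """True if a network value ('any', an address or a CIDR block) contains host_ip."""
    if value.lower() == "any":
        return True
    return ipaddress.ip_address(host_ip) in ipaddress.ip_network(value, strict=False)


def check_config(conf_text, host_ip):
    """Return findings for the HOME_NET and portscan checks against host_ip."""
    variables, scan_token, findings = {}, None, []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        if m := VAR_RE.match(line):
            variables[m.group(1)] = m.group(2)
        elif m := SCAN_RE.match(line):
            scan_token = m.group(1)
    home = variables.get("HOME_NET")
    if home is None:
        findings.append("HOME_NET is not defined")
    elif not covers(home, host_ip):
        findings.append(f"HOME_NET {home} does not contain {host_ip}")
    if scan_token is None:
        findings.append("no 'preprocessor portscan:' entry")
        return findings
    # Expand a $NAME reference; an undefined variable resolves to None.
    scan_net = variables.get(scan_token[1:]) if scan_token.startswith("$") else scan_token
    if scan_net is None:
        findings.append(f"portscan uses undefined variable {scan_token}")
    elif not covers(scan_net, host_ip):
        findings.append(f"portscan network {scan_net} does not contain {host_ip}")
    return findings
```

An empty list means both settings cover the host that was scanned, so the cause of an empty alert file lies elsewhere.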



