[Snort-users] (no subject)

Keith A. Pachulski, PPS netsec at ...136...
Fri Jun 8 14:26:59 EDT 2001


Have set this up before, but this is the first time on Red Hat I've had an
issue with snort not logging alerts whatsoever.

config file

output alert_syslog: LOG_LOCAL3 LOG_INFO
var HOME_NET x.x.x.x.0/28
var DNS_SERVER x.x.x.x/32 
preprocessor http_decode: 80
preprocessor minfrag: 128
preprocessor portscan: $HOME_NET 25 5 /var/log/portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVER

include /home/snort/nids/webcgi-lib
include /home/snort/nids/webcf-lib
include /home/snort/nids/webiis-lib
include /home/snort/nids/webfp-lib
include /home/snort/nids/webmisc-lib
include /home/snort/nids/overflow-lib
include /home/snort/nids/finger-lib
include /home/snort/nids/ftp-lib
include /home/snort/nids/smtp-lib
include /home/snort/nids/telnet-lib
include /home/snort/nids/misc-lib
include /home/snort/nids/netbios-lib
include /home/snort/nids/misc-lib
include /home/snort/nids/scan-lib
include /home/snort/nids/ddos-lib
include /home/snort/nids/backdoor-lib
include /home/snort/nids/ping-lib
include /home/snort/nids/rpc-lib
include /home/snort/nids/email-virus-lib

syslog conf file

#Keith =)
local3.info             /var/log/systemsec

When I run snort in verbose I see all traffic on the physical and virtual
interface, but once I apply the rules snort goes blind.

syslog is working as I tested it, so it comes down to snort not working right

was a basic config with no special options

./configure
make

SSL and SQL are running; wasn't sure how to disable SSL or SQL from the snort configure