[Snort-users] problems getting logs :(

Mohamed Sentissi sentissi at ...1999...
Wed May 9 11:30:10 EDT 2001


hello

I installed snort a couple of days ago, and when I ran it and ran nmap on
myself (on my private address) it gave just one log entry! And this
morning and yesterday night I don't get any more logs :( even if I run
nmap on myself!

snort.conf:

var HOME_NET $eth0_ADDRESS

var EXTERNAL_NET any

var DNS_SERVERS [204.212.170.2,204.212.170.12]

preprocessor defrag
preprocessor http_decode: 80 8080
preprocessor portscan: $HOME_NET 4 3 /var/log/snort/portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
output alert_syslog: LOG_AUTHPRIV LOG_ALERT
include /etc/snort/webcgi-lib
include /etc/snort/webcf-lib
include /etc/snort/webiis-lib
include /etc/snort/webfp-lib
include /etc/snort/webmisc-lib
include /etc/snort/overflow-lib
include /etc/snort/finger-lib
include /etc/snort/ftp-lib
include /etc/snort/smtp-lib
include /etc/snort/telnet-lib
include /etc/snort/misc-lib
include /etc/snort/netbios-lib
include /etc/snort/scan-lib
include /etc/snort/ddos-lib
include /etc/snort/backdoor-lib
include /etc/snort/ping-lib
include /etc/snort/rpc-lib


The command I run is:
 /usr/sbin/snort -u snort -g snort -D -i eth0 -d -c /etc/snort/snort.conf

I don't know if it's a permission problem on some log files but .....

Has anybody faced this problem before?

nmap : nmap -sX -P0 -D 1.2.3.4,5.6.7.8 192.168.1.1





