[Snort-users] What could be the reason....HELP

Ronneil Camara ronneilc at ...4042...
Thu Nov 22 11:35:02 EST 2001


What could be the reason why attacks are not recorded on my database. I
tried demarc but I usually run snort manually. I can see the attack if I
will remove logging of snort to mysql in snort.conf and logs will be
stored in /var/log/snort.
 
 The only traffic that are recorded now are portscan, icmp. And am on a
hub.
I used snort on a non-ip interface.
 
Can you check the debug and my snort.conf if I have missed anything
please.
http://24.253.67.105/snort/debug.txt
http://24.253.67.105/snort/snort.conf
 
And what would be the appropriate approach to disable false positive?
 
Thanks.
 
Neil


More information about the Snort-users mailing list