On Fri, 23 Aug 2002, Joshua Rogers wrote:


> >*  Verify that snort is working.  'snort -vade' should show traffic on your
> network.
> It works and shows traffic on the network. I copied some output above.

Good.  One less thing to worry about.  :)

> >*  Check your snort.conf.  Check HOME_NET and EXTERNAL_NET, to be sure
> >they are set for the correct ranges.
> I have the HOME_NET set for each class c;
> var HOME_NET
> [,,,]
> but my EXTERNAL_NET is set like this:
> Should external net say 'any'?

Well...  It depends.  I tend to define EXTERNAL_NET as "!$HOME_NET" since
that's what I'm interested in.

If you want to see possible attacks 'coming and going' then change it to

> >*  If the MySQL host and snort host are different, make sure you can
> >connect from one to the other.
> The MySQL host and snort are on the same machine.

Ok.  Should work fine.

Time for a 'silly' question:  You are using the db output plugin?  Does snort
give you any errors when you start it?

Erek Adams

