[Snort-users] Snort with Acid : Network

Wirth, Jeff WirthJe at ...4874...
Tue Aug 27 06:45:03 EDT 2002


From: j [mailto:jai.s at ...6716...]

>Hi,
>
>I have configured snort with mysql, acid. successfully in linux box.
>
>In the configuration i have specified 
>
>   var HOME_NET x.x.x.x/22
>   var EXTERNAL_NET any   
>
>Now the problem, after running snort  for past 1 week... i am seeing
details only of that ip address where snort is installed.
>and i didn't find any detail of other machines which are in network.
>
>I have done portscan from one machine to another machine, the snort machine
which is in same network didn't detect.
>
>is it something more i have to  do ??? ,
>if yes...wht it should be , snice its large network...

What type of network layer device are you plugged into?? Sounds like you
have snort plugged into a switch. Which would explain why you are only
seeing traffic to/from the snort box.


- Jeff




More information about the Snort-users mailing list