[Snort-users] Am I missing Something? (changes from 1.8.2 to 1.8.3 ?)

Dany Allard dallard at ...1295...
Mon Feb 11 13:01:11 EST 2002


Hello Everyone.

  Here is my problem.

 Using  a recent snort.conf file (snort.conf,v 1.82 2002/01/20 04:35:40
roesch) I can get snort 1.8.2 to work perfectly.
However if I use the same snort.conf file, same rules, and same command
to start it up
"/usr/local/bin/snort -D -b -c /etc/snort/snort.conf -h xxx.xxx.xxx.0/24
-i eth1" with version 1.8.3 I don't get anything.
I then use a second machine to portscan (nmap) my HOME_NET, nothing
shows up in portscan.log using 1.8.3. but 1.8.2 picks up everything.

To answer the usual questions:
 I have read the FAQ, INSTALL,Changelog, and README files.
I have also searched through the archives.
I am running the  2.2.14-15 linux kernel.
I am also using libnet-1.0-1mdk, libtermcap-devel-2.0.8-16mdk,
libpcap-0.4-3mdk.

Snort was compiled using the standard (configure, make, make install).

Did I miss something in the Documentation? The Archives? Do I need a
newer version (kernel, libraries)?

Any assistance or even guesses would be helpful.

Thanks

Dany Allard

P.S. I also tried snort-current downloaded this morning (Feb 11 2002)
with no success.





More information about the Snort-users mailing list