[Snort-users] Am I missing Something? (changes from 1.8.2 to 1.8.3 ?)

Scott Nursten scottn at ...4526...
Tue Feb 12 13:42:08 EST 2002


KISS is a good idea ;) Also, just try a simple snort -v and see if it's
dumping traffic normally - tcpdump style. This is also a good initial test.

Regards,

Scott 

On 12/2/02 1:01 am, "Semerjian, Ohanes" <Semerjian.Ohanes at ...4899...>
wrote:

> Just keep it simple to start with something like
> 
> /path/snort -c /path/snort.conf and see if u r snort machine will pickup
> something, also for test purpose leave the external and home net as (any to
> any ). Once working refine it as u like.
> 
> 
> 
> Best Regards
> 
> Ohanes Semerjian
> 
> 
> -----Original Message-----
> From: Dany Allard [mailto:dallard at ...1295...]
> Sent: Tuesday, 12 February 2002 7:59
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Am I missing Something? (changes from 1.8.2 to
> 1.8.3 ?)
> 
> 
> Hello Everyone.
> 
> Here is my problem.
> 
> Using  a recent snort.conf file (snort.conf,v 1.82 2002/01/20 04:35:40
> roesch) I can get snort 1.8.2 to work perfectly.
> However if I use the same snort.conf file, same rules, and same command
> to start it up
> "/usr/local/bin/snort -D -b -c /etc/snort/snort.conf -h xxx.xxx.xxx.0/24
> -i eth1" with version 1.8.3 I don't get anything.
> I then use a second machine to portscan (nmap) my HOME_NET, nothing
> shows up in portscan.log using 1.8.3. but 1.8.2 picks up everything.
> 
> To answer the usual questions:
> I have read the FAQ, INSTALL,Changelog, and README files.
> I have also searched through the archives.
> I am running the  2.2.14-15 linux kernel.
> I am also using libnet-1.0-1mdk, libtermcap-devel-2.0.8-16mdk,
> libpcap-0.4-3mdk.
> 
> Snort was compiled using the standard (configure, make, make install).
> 
> Did I miss something in the Documentation? The Archives? Do I need a
> newer version (kernel, libraries)?
> 
> Any assistance or even guesses would be helpful.
> 
> Thanks
> 
> Dany Allard
> 
> P.S. I also tried snort-current downloaded this morning (Feb 11 2002)
> with no success.
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 

-- 






More information about the Snort-users mailing list