Semerjian.Ohanes at ...4899...
Tue Feb 19 22:03:07 EST 2002
start with simple line command something like
/path/snort -c ./snort.conf and see, and scan the snort machine, u should
see something in the log. The u could fine tune your parameters. Also try to
log to a database like mysql for example and use ACID to view the reports
and do queries.
From: Scott Taylor [mailto:scottt at ...4859...]
Sent: Wednesday, 20 February 2002 8:46
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort
I'm running snort 1.8.3-5 on Redhat 7.1. Libpcap
is 0.6.2-9. Below is showing how my sensor is
located. The external ip of my firewall is
x.x.x.27 and the ip on my sensor is x.x.x.223
the subnet mask from my isp is 255.255.255.0
I've set my snort.conf home_net and all the
variables regarding ip address's to "any". If I
run snort in sniffer mode I can see traffic. If
I run in NIDS mode it shows nothing in the logs.
even if I go to grc.com and do a portscan it
show's nothing in /var/log/snort/alert or
portscan.log . There is also a file snort-
timestamp.log but it is in binary format. I'm
trying to setup Snort Snarf to read the log's.
When I run it it generates the page but there
are no alerts. It shows it's looking in alerts
and portscan.log. Here's the command I'm running
snort -l /var/log/snort -
c /etc/snort/snort.conf -o -b -A FULL -z est
How do I read what's in the snort-timestamp.log?
Why is it now logging any alerts or portscans?
Thanks for any help and take three drinks if
your so inclined.
THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users