[Snort-users] Snort

Semerjian, Ohanes Semerjian.Ohanes at ...4899...
Tue Feb 19 22:03:07 EST 2002


Start with a simple command line, something like

/path/snort -c ./snort.conf

and see, and scan the snort machine; you should
see something in the log. Then you could fine-tune your parameters. Also try to
log to a database like MySQL, for example, and use ACID to view the reports
and do queries.




Best Regards

Ohanes Semerjian

-----Original Message-----
From: Scott Taylor [mailto:scottt at ...4859...]
Sent: Wednesday, 20 February 2002 8:46
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort


I'm running snort 1.8.3-5 on Redhat 7.1. Libpcap 
is 0.6.2-9. Below is showing how my sensor is 
located. The external ip of my firewall is 
x.x.x.27 and the ip on my sensor is x.x.x.223
the subnet mask from my isp is 255.255.255.0
                    _
                   |h|
 ISP-----DSL-------|u|-------snort-box
                   |b|-------firewall------|Lan|
                    -
I've set my snort.conf home_net and all the
variables regarding ip addresses to "any". If I
run snort in sniffer mode I can see traffic. If
I run in NIDS mode it shows nothing in the logs.
Even if I go to grc.com and do a portscan it
shows nothing in /var/log/snort/alert or
portscan.log. There is also a file
snort-timestamp.log but it is in binary format. I'm
trying to set up Snort Snarf to read the logs.
When I run it it generates the page but there
are no alerts. It shows it's looking in alerts
and portscan.log. Here's the command I'm running
snort with:

snort -l /var/log/snort -c /etc/snort/snort.conf -o -b -A FULL -z est

How do I read what's in the snort-timestamp.log?
Why is it now logging any alerts or portscans?

Thanks for any help and take three drinks if
you're so inclined.

Cheers,
Scott
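
On the question of reading the binary snort-timestamp.log: Snort's -b switch writes packets in tcpdump (libpcap) format, so the file can be replayed with `snort -r` or `tcpdump -r`. The following is an added example, not part of either message, that reads that format directly and summarises each IPv4 packet; it assumes an Ethernet link type, and the sample capture and its addresses are constructed.

```python
import io
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file magic (microsecond timestamps)

def read_pcap(stream):
    """Yield (ts_sec, src_ip, dst_ip, ip_proto) for each IPv4-over-Ethernet packet."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number reveals the byte order the capturing host used.
    if struct.unpack("<I", header[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", header[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    if linktype != 1:  # 1 = DLT_EN10MB (Ethernet)
        raise ValueError("unsupported link type %d" % linktype)
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return  # clean end of file, or a truncated trailing record
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            return  # sensor stopped mid-write
        # Ethernet header is 14 bytes; EtherType 0x0800 means IPv4.
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue
        ip = data[14:34]
        yield (ts_sec, socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9])

def build_sample():
    """Constructed one-packet capture (documentation addresses, TCP)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.223"))
    pkt = eth + ip + b"\x00" * 20  # zeroed TCP header as filler
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    rhdr = struct.pack("<IIII", 1014174187, 0, len(pkt), len(pkt))
    return ghdr + rhdr + pkt

if __name__ == "__main__":
    for row in read_pcap(io.BytesIO(build_sample())):
        print(row)
```

To use it on a real log, pass the file opened in binary mode to `read_pcap` instead of the constructed sample.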


