[Snort-users] Snort is too quiet!

Guillaume guillaume at ...4029...
Mon Jan 21 00:23:05 EST 2002


>
> Hello all,
>
> Hope this hasn't been asked too often, but my snort catches no alerts
> at all. I installed snort 1.8.3 with ACID v0.9.6b19 and there was
> no error during installation.
> My snort box is Linux 2.4.3, located outside the firewall, and I
> already set my adapter to promiscuous mode; still nothing happens.
>
> I simply edited the $HOME_NET variable in the snort.conf file and used
> the default rules that came with snort itself.
> Any suggestions?
>
> Thank you very very much.
>
>
> P.S. my snort command is
> ./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -l /var/log/snort
> -i eth1 -D

Hello.

The above command line looks strange: you ask snort to log alerts
under the /var/log/snort directory, while you seem to want to use ACID as
log viewer... And ACID interfaces with a MySQL DB in which snort logs,
not the /var/log/snort directory...

Look at what's in /var/log/snort. Is there something? (Typically: an
alert.log file, maybe a portscan.log one, and subdirectories named
after the IPs of incoming connections.)

I think that your command line -l option overcame what's inside your
snort.conf.

Try also to run snort like this:
./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -i eth1 -D

and see what happens.


Regards,

Guillaume
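
The two places to look that are described above (an uncommented database output in snort.conf, and alert files under the log directory) can be checked with a small script. This is an added example, not part of the original message; it assumes the `output database:` directive syntax of the Snort 1.8.x output plugins, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report where a Snort sensor's alerts can be found.
# Usage: ./alert_sinks.sh /path/to/snort.conf /var/log/snort

# Print the uncommented "output database:" directives in a snort.conf.
# Lines starting with "#" do not match, so a commented-out plugin is ignored.
db_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+database[[:space:]]*:' "$1"
}

# Succeed if the log directory holds an alert file, a portscan.log,
# or at least one subdirectory (per-IP packet logs).
has_file_alerts() {
    for entry in "$1"/alert* "$1"/portscan.log "$1"/*/; do
        [ -e "$entry" ] && return 0
    done
    return 1
}

# Print one of: both, database, files, none.
alert_sinks() {
    conf=$1; logdir=$2; db=no; files=no
    db_outputs "$conf" >/dev/null 2>&1 && db=yes
    has_file_alerts "$logdir" && files=yes
    case "$db$files" in
        yesyes) echo both ;;
        yesno)  echo database ;;
        noyes)  echo files ;;
        *)      echo none ;;
    esac
}

# Run only when called with both arguments.
if [ $# -eq 2 ]; then
    alert_sinks "$1" "$2"
fi
```

A result of `files` or `none` on a sensor that is expected to feed ACID means no database output is active in that snort.conf.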
