[Snort-users] Snort is too quiet!

sirikanya at ...4625... sirikanya at ...4625...
Mon Jan 21 01:44:02 EST 2002


Now I remove the -l option and snort starts to catch something (thank you! thank
you!) but only ICMP packets!!!!
Is this typically normal?
I also checked /var/log/snort; it also has the same ICMP alert and no
TCP or UDP.
Forgive me but I'm really new to snort. I have to ask the same question
again: What did I miss?

Thank you in advance.

Best Regards,
Sirikanya Buranabunpot
Advanced Business Exchange Co.,Ltd.
Metro Campus
Tel.  :  (662) 727-4026
Fax.  :  (662) 726-2916
email : sirikanya at ...4625...

<guillaume at ...4029...>
Sent by: snort-users-admin at ...4626...
01/21/2002 03:34 PM
Please respond to guillaume

To: <sirikanya at ...4625...>
cc: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] Snort is too quiet!

> Hello all,
> Hope this hasn't been asked too often but my snort catches no alert
> at all. I installed snort 1.8.3 with ACID v0.9.6b19 and there was
> no error during installation.
> My snort box is Linux 2.4.3, located outside the firewall, and I
> already set my adapter to promiscuous mode, still nothing happens.
> I simply edited a $HOME_NET variable in the snort.conf file and use
> the default rules that came with snort itself.
> Any suggestion?
> Thank you very very much.
> P.S. my snort command is
> ./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -l /var/log/snort
> -i eth1 -D


The above command line looks strange: you ask snort to log alerts
under the /var/log/snort directory, while you seem to want to use ACID as
log viewer... And ACID does interface a MySQL DB in which snort logs,
not the /var/log/snort directory...

Look at what's in /var/log/snort. Is there something? (typically:
alert.log file, maybe a portscan.log one, and subdirectories named
after IPs of incoming connections).

I think that your command line -l option overcame what's inside your

Try also to run snort like this:
./snort -de -h xxx.xxx.xxx.xxx/24 -c snort.conf -i eth1 -D

and see what happens.


