[Snort-users] still newbie questions
ppetriz at ...3815...
Tue Jan 22 07:56:11 EST 2002
We´re having different issues with snort 1.8.3 on RH Linux 6.1 (going to
the box has 2 nics: eth1 with ip 0.0.0.0 connected to the hub of a DMZ and
eth0 connected to the internal network.
starting command: "snort -c snort.conf -l ./log -M /etc/smbhosts -i eth1"
(where smbhosts is a list of the netbios machines to popup alerts)
Issue 1) not sniffing with -D option
start snort with the starting command plus " -D" option apparently the
interface enters and leaves promiscuous mode, so how can i set it manually?
Issue 2) snort is not loggin to the alert file:
start snort with the starting command, then we run nessus against a box at
the home_net and we receive popup smb alerts but nothing is written to the
alert file. What´s wrong?
Issue 3)WARNING: Unknown output plugin SMB_ALERT:
start snort with the starting command and receive the warning but the smb
alerts works fine. Is there something wrong in this line that we´ve added
to the snort.conf? "output smb_alert: /etc/smbhosts"
Nothing else by now. Thanks in advance for your help!
More information about the Snort-users