[Snort-users] still newbie questions

Petriz, Pablo ppetriz at ...3815...
Tue Jan 22 07:56:11 EST 2002


Hello list

We're having different issues with snort 1.8.3 on RH Linux 6.1 (going to
7.2).
The box has 2 NICs: eth1 with IP 0.0.0.0 connected to the hub of a DMZ and
eth0 connected to the internal network.

starting command: "snort -c snort.conf -l ./log -M /etc/smbhosts -i eth1"
(where smbhosts is a list of the netbios machines to popup alerts)

Issue 1) not sniffing with -D option
Start snort with the starting command plus the " -D" option; apparently the
interface enters and leaves promiscuous mode, so how can I set it manually?

Issue 2) snort is not logging to the alert file:
Start snort with the starting command, then we run nessus against a box at
the home_net and we receive popup smb alerts but nothing is written to the
alert file. What's wrong?

Issue 3) WARNING: Unknown output plugin SMB_ALERT:
Start snort with the starting command and receive the warning, but the smb
alerts work fine. Is there something wrong in this line that we've added
to the snort.conf? "output smb_alert: /etc/smbhosts"

Nothing else by now. Thanks in advance for your help!


PABLO



