[Snort-users] MySQL Logging ?

Erek Adams erek at ...577...
Mon Jan 28 11:23:06 EST 2002


On Mon, 28 Jan 2002, Brian Ipsen wrote:

[...snip...]

> where interface for test purposes has been set to lo

This would be the issue.  Loopbacks don't ever really pass any traffic.
Normally the kernel will 'short-circuit' and bring them right back to the box,
w/o hitting the pcap layer.  If it doesn't hit the pcap layer, snort will
never see it to log it, and you'll get nothing in the DB.

Try your main ether and see what's going on.  That should get you some traffic
coming in....

Easy test:  Compare the output of "snort -dv -i <non-loopback>" to the output
of "snort -dv -i <loopback>".  Force some traffic over each interface (ping -i
<if>) and see if there is a difference.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list