[Snort-users] snort alert -stop working with snort.conf
acearns at ...131...
Sat Jul 27 20:19:02 EDT 2002
Hi, I've 2 simple questions:
1. My snort alert was working fine for a while and
stopped suddenly. It no longer logs port scan file to
my portscan.log in /var/log/snort...nor does it log
icmp large packets alert to my alert file in
I'm using Red Hat Linux 7.3 2.4.18. and snort 1.8.6
I checked the snort.conf file and the homenet was
configured correctly (same as what I use for the -h
option on command line).
When I run snort:
snort -dev -l /var/log/snort -h 192.168.0.2/16 -c
It didn't raise any error and it reads in all the
When I run snort without the config file:
snort -dev -l /var/log/snort
- it accurately created the dest & source ip directory and
logged the packets into those directories
Any idea where I should look into the problem?
2. After getting the alert working, I'd like to test
every single one of the rules in snort but I don't
know the various types of intrusion very well. Is there
any test case available that can help me get started?
(e.g. run a nmap -sS....and the portscan alert will be
raised; run a ping ... and a xx alert will be raised...)