[Snort-users] snort alert -stop working with snort.conf

Cearns Angela acearns at ...131...
Sat Jul 27 20:19:02 EDT 2002


Hi, I have 2 simple questions:

1. My snort alert was working fine for a while and
stopped suddenly. It no longer logs port scan file to
my portscan.log in /var/log/snort... nor does it log
icmp large packets alert to my alert file in
/var/log/snort.
I'm using Red Hat Linux 7.3 2.4.18 and snort 1.8.6.

I checked the snort.conf file and the homenet was
configured correctly (same as what I use for the -h
option on command line).

When I run snort:
snort -dev -l /var/log/snort -h 192.168.0.2/16 -c snort.conf

It didn't raise any error and it reads in all the
rules.

When I run snort without the config file:
snort -dev -l /var/log/snort
- it accurately created the dest & source IP directories
and logged the packets into those directories.

Any idea where I should look into the problem?

2. After getting the alert working, I'd like to test
every single one of the rules in snort but I don't
know the various types of intrusion very well. Is there
any test case available that can help me get started?
(e.g. run a nmap -sS.... and the portscan alert will be
raised; run a ping ... and a xx alert will be raised...)

Thanks,
Ang
