[Snort-users] not sure if I have this right
ian at ...6489...
Tue Jul 30 14:23:05 EDT 2002
I set up snort the other day and I was wondering how I could go about
So far it hasn't logged anything, which might be good news, but it also
might mean that I borked the setup.
Here is what I have:
snort 1.8.7 on the same box as my iptables-based firewall. (Just out of
interest, will this tell me everything that is coming into the system or
just what gets past the firewall?)
Here is the network setup part of the conf:
var HOME_NET 192.168.100.0/24
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS !$HOME_NET
And here is the logging portion:
output alert_syslog: LOG_AUTH LOG_ALERT
Now, I don't use syslogd but metalog. However, as I understand it,
metalog is supposed to mimic the functionality of syslog and the
iptables logging works.
Can anyone see anything obvious that I have done wrong here, or is my
system just being graciously ignored at the moment :)
Masters program in Philosophy
University of Manitoba, Winnipeg, Canada
BA (Wilfrid Laurier University)
Email: ian at ...6489...
PGP key available at: http://www.ihtruelsen.2y.net/pgp.html
and http://pgp.mit.edu (search 'ihtruelsen')
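
Added example, not part of the original post: a Python sketch that resolves the posted `var` lines by following the `$NAME` references and `!` negation, then checks constructed addresses against a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any`. The helper names and the sample addresses (documentation ranges) are assumptions, and it handles only single-CIDR values like the ones in the post.

```python
import ipaddress

# The variable block from the post, verbatim.
POSTED_CONF = """\
var HOME_NET 192.168.100.0/24
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS !$HOME_NET
"""

def parse_vars(conf):
    """Return {name: raw value} for each 'var NAME VALUE' line."""
    table = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "var":
            table[parts[1]] = parts[2]
    return table

def resolve(name, table, seen=()):
    """Follow $references; return (negated, network) for a single-CIDR value."""
    if name in seen:
        raise ValueError("circular reference via " + name)
    value = table[name]
    negated = value.startswith("!")
    if negated:
        value = value[1:]
    if value.startswith("$"):
        inner_negated, net = resolve(value[1:], table, seen + (name,))
        return negated != inner_negated, net
    return negated, ipaddress.ip_network(value)

def matches(name, addr, table):
    """True if addr falls inside the set the variable describes."""
    negated, net = resolve(name, table)
    return (ipaddress.ip_address(addr) in net) != negated

def header_matches(src_var, dst_var, src, dst, table):
    """Would a rule header '$src_var any -> $dst_var any' cover src -> dst?"""
    return matches(src_var, src, table) and matches(dst_var, dst, table)

if __name__ == "__main__":
    t = parse_vars(POSTED_CONF)
    # Constructed packets (documentation address ranges, not from the post).
    for src, dst in [("203.0.113.9", "192.168.100.10"),
                     ("203.0.113.9", "198.51.100.1")]:
        print(src, "->", dst, header_matches("EXTERNAL_NET", "HOME_NET", src, dst, t))
```

With the posted values, a packet addressed to anything outside 192.168.100.0/24 is not covered by a `-> $HOME_NET` header.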