[Snort-users] snort not logging

steve nutt luckysnutt at ...5190...
Sat Jun 8 22:33:02 EDT 2002


Hello:

I have just setup a dedicated snort box with two network cards sitting
behind a cable modem. The snort box has a 0.0.0.0 address and is not logging
anything in /var/log/alert, and I am running snort with /usr/local/
aris-sensor/snort -A fast -b -q -l /var/log/snort -d -D -c
/usr/local/aris-sensor/snort.conf . I have a hub behind the cable modem and
two boxes plugged into this hub. One a firewall box and the other the snort
box. The second network card of the snort box is connect to the firewall dmz
card. Both boxes have snort running.

like this:

internet--Hub--FW--------Hub----Trusted Network
                |        |--DMZ
                |----snort---|

I am tailing alert and messages files on both boxes. When I port scan from
the internet side I get alerts on the firewall box but no alerts on the
snort box. Any ideas for no alerts being logged to the snort box????

Sincerely:
Steve





More information about the Snort-users mailing list