[Snort-users] snort not logging

steve nutt luckysnutt at ...5190...
Sun Jun 9 17:36:03 EDT 2002


Rob:

Please give an example of using "snort -c <your config path/file>".
Like this? "/usr/local/aris-sensor/snort -c
/usr/local/aris-sensor/snort.conf". When I do this snort initializes but
what should I see?

If I do a snort -vde I do get ARP requests, so I am seeing some kind of
traffic from the outside interface, but if I do the same thing on the fw box
I see everything: TCP, UDP, ICMP and ARP traffic flying by. The ifconfig for
the snort interface is not showing promiscuous mode, only Up Running
Multicast.  When I tail the messages file when I start snort it says eth0:
Promiscuous mode enabled but it does complain about OpenPcap( ) device eth0
network lookup: ^Ieth0: no IPv4 address assigned. There seems to be a
conflict.

Any suggestions?

Thanks in advance for your help.

Steve Nutt
----- Original Message -----
From: "Rob Hughes" <rob at ...1932...>
To: "Snort-users" <Snort-users at lists.sourceforge.net>
Sent: Sunday, June 09, 2002 8:58 PM
Subject: Re: [Snort-users] snort not logging


On Sat, 2002-06-08 at 15:01, steve nutt wrote:

> I am tailing alert and messages files on both boxes. When I port scan from
> the internet side I get alerts on the firewall box but no alerts on the
> snort box. Any ideas for no alerts being logged to the snort box????
>

Try starting snort with just snort -c <your config path/file> and make
sure snort is seeing packets. Also, does the output of ifconfig show the
interface snort is listening on to be in promiscuous mode?






