[Snort-users] portscan.log empty despite nmap scan?

systemic at ...1936... systemic at ...1936...
Thu Jun 20 19:20:03 EDT 2002


Hello,
I succesfully installed snort-1.8.3 on an OpenBSD 3.1 firewall today. I've been nmapping it's NIC facing the internet from another workstation on my internal network to see if I get a log of the event. /var/log/snort/portscan.log and alert are there but empty. In /etc/snort.conf I've specified my NIC facing the internet as:
var HOME_NET [12.228.128.74]
external network addresses as:
var EXTERNAL_NET any

I've tried running snort the following ways and then running my scan:
/usr/local/bin/snort &
/usr/local/bin/snort -A full &
/usr/local/bin/snort -A full -c /etc/snort.conf -l /var/log/snort &
/usr/local/bin/snort -A full -c /etc/snort.conf -s -l /var/log/snort &

Anyone know this isn't working the way I want it to?

I'd appreciate any advice :)




More information about the Snort-users mailing list