[Snort-users] snort and slackware..(logging question)
mkettler at ...4108...
Thu Jun 27 14:39:03 EDT 2002
Well, your question is pretty much impossible to answer without some more
information, so before someone can answer you, they'll need this kind of
1) what output (aka logging) options are you using in your snort.conf? The
exact lines from your snort.conf pertaining to output, paths replaced with
xxx if you feel the need, would be most helpful.
2) where are you checking for "logged" information? (if you answered
/var/log/messages and did not answer "alert_syslog" above, read up on snort
some more and try finding your alerts file)
3) what snort version are you running?
4) when you started snort with -v did you also specify the same command
line pcap filter?
5) did you specifically see any ALERTS when using -v?
6) when using snort without -v what did you do to try to trigger snort to
At 11:43 PM 6/27/2002 +0300, radus wrote:
>I am sorry to bother you all, i posted on the forum and nobody answered so i
>thought i should come to you.
>I use slackware 8.1 and i tried to install snort, everything was ok, i got
>latest libcap to be sure.
>As i started it as i usually did on my other linux box :
>/usr/local/bin/snort -i eth0 -d -c /path/to/snort.conf not src net x.y.z.u
>dst port 80
>where x.y.z.u is my ip, and smth weird happened, nothing was logged.
>So i used the -v and i saw that snort worked, but here i dunno know what
>be the problem....i think maybe it does not match any rule with the packets i
>receive ... but i could be wrong...
>If you could give me a solution i would be more than thankful