[Snort-users] snort and slackware..(logging question)

Matt Kettler mkettler at ...4108...
Thu Jun 27 14:39:03 EDT 2002


Well, your question is pretty much impossible to answer without some more 
information, so before someone can answer you, they'll need this kind of 
information:

1) what output (aka logging) options are you using in your snort.conf? The 
exact lines from your snort.conf pertaining to output, paths replaced with 
xxx if you feel the need, would be most helpful.

2) where are you checking for "logged" information? (if you answered 
/var/log/messages and did not answer "alert_syslog" above, read up on snort 
some more and try finding your alerts file)

3) what snort version are you running?

4) when you started snort with -v did you also specify the same command 
line pcap filter?

5) did you specifically see any ALERTS when using -v?

6) when using snort without -v what did you do to try to trigger snort to 
log something?

At 11:43 PM 6/27/2002 +0300, radus wrote:
>Hello!
>I am sorry to bother you all, I posted on the forum and nobody answered so I
>thought I should come to you.
>
>I use slackware 8.1 and I tried to install snort, everything was ok, I got the
>latest libcap to be sure.
>
>As I started it as I usually did on my other linux box :
>/usr/local/bin/snort -i eth0 -d -c /path/to/snort.conf not src net x.y.z.u and dst port 80
>where x.y.z.u is my ip, and smth weird happened, nothing was logged.
>So I used the -v and I saw that snort worked, but here I don't know what could
>be the problem....I think maybe it does not match any rule with the packets I
>receive ... but I could be wrong...
>If you could give me a solution I would be more than thankful
>
>Radu