[Snort-users] Same question again..

Erek Adams erek at ...577...
Tue May 28 14:06:05 EDT 2002


On Tue, 28 May 2002, C Boss wrote:

> This is how I startup Snort:
>
> /usr/local/snort -b snort.conf -i eth0 -D

Ok, it might be a typo, but change that "-b" to a "-c".  Also, since snort
picks the 'first' interface, you should be able to remove the "-i eth0".  If
it doesn't, you could also make that a config directive like:

	config interface:  eth0

While testing, I would suggest removing the "-D" from the command line.  That
way you're able to 'see' what errors are popping up.

> THis is how the relevant part of my snort.conf looks like:
>
> output alert_syslog: LOG_LOCAL7 LOG_ALERT
>
> output log_tcpdump: snort.log

Looks fine.

See if those changes help any.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list