[Snort-users] Same question again..
erek at ...577...
Tue May 28 14:06:05 EDT 2002
On Tue, 28 May 2002, C Boss wrote:
> This is how I startup Snort:
> /usr/local/snort -b snort.conf -i eth0 -D
Ok, it might be a typo, but change that "-b" to a "-c". Also, since snort
picks the 'first' interface, you should be able to remove the "-i eth0". If
it doesn't, you could also make that a config directive like:
config interface: eth0
While testing, I would suggest removing the "-D" from the command line. That
way you're able to 'see' what errors are popping up.
> THis is how the relevant part of my snort.conf looks like:
> output alert_syslog: LOG_LOCAL7 LOG_ALERT
> output log_tcpdump: snort.log
See if those changes help any.
More information about the Snort-users