[Snort-users] Help with a config file please?

snort at ...8664... snort at ...8664...
Thu Apr 3 14:26:02 EST 2003


Can some one help me clean up this config? I mean I know that I must have
missed something but my snort IDS is not logging anything. I send it nmap
scans to see if it catches them and no dice. I log into my IIS Outlook Web
Access (one of the rules used to cry about that because of Calendar
something rather other). Still no alerts pop up. I assume that is my
configuration not being up to par. The IP addresses are obfuscated and so
is the username/pass for mysql. I have tried changing the path to the
rules from $Rule_path/rulefile.rule to c:\snort\rules\rulefile.rule to
c:\snort\rules/rulefile.rule to c:/snort/rules/rulefile.rule but I get
nothing whatsoever.

Here is the output of snort /services /show

C:\Snort\bin>snort /service /show
Snort is currently configured to run as a Windows service using the following
command-line parameters:
     -c c:/snort/etc/snort.conf -l c:/snort/log -i2

and snort.conf is attached. For what is worth the 2nd adapter has no
bindings to it what so ever, but if I stop the snort service and run snort
with the command line “snort –v –i2” I do see things taking place. For
what is worth I am running snort 1.9.1

Thanks


Carlos


-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.conf
Type: application/octet-stream
Size: 25253 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030403/cc3c3e74/attachment.obj>


More information about the Snort-users mailing list