[Snort-users] empty logs

Bart Decker decker78 at ...8908...
Thu Apr 17 07:26:34 EDT 2003


I recently configured Snort. As a newbie I don't know all the ins and outs,
and maybe I didn't get the whole IDS story.
I'm portscanning myself crazy, but I can't see anything in the logs. They
stay empty all the time.

Any ideas? (I use iptables on the Linux server.)


Starting with :

# Starts Snort with the config below, sniffing eth0, verbose (-v) and detached as a daemon (-D).
# NOTE(review): with -D there is no terminal for the -v packet dump or for startup/parse
#   errors; run once in the foreground (without -D) to see whether the config loads at all.
# NOTE(review): no -l is given, so output goes to Snort's default log directory —
#   confirm that directory exists and is writable by the Snort process.
# NOTE(review): -i eth0 only sees traffic that crosses eth0. If the test scans are launched
#   from this same host against its own address they normally travel over loopback and never
#   reach eth0 — TODO confirm where the scan originates.
snort -v -c  /etc/snort.conf -D -i eth0

Snort.Conf 


# Snort configuration as posted: network variables, four preprocessors, then the
# rule-file includes. No output plugin is configured in the lines shown, so alerting
# relies on Snort's defaults and the command-line options.

# NOTE(review): 192.168.0.1/24 has host bits set; 192.168.0.0/24 is the conventional
#   way to write this network.
var HOME_NET 192.168.0.1/24
var EXTERNAL_NET any
# NOTE(review): SMTP is the only server variable defined. If the included rule files
#   reference others (stock rule sets commonly use names such as $HTTP_SERVERS or
#   $SMTP_SERVERS — verify against the files in RULE_PATH), Snort is expected to abort
#   while parsing at the first undefined one; in daemon mode that failure is easy to
#   miss and would leave the logs empty.
var SMTP $HOME_NET
var RULE_PATH /root/Snort_Rules

# IP defragmentation.
preprocessor frag2
# TCP stream tracking, with stealth-scan detection switched on.
preprocessor stream4: detect_scans
# TCP stream reassembly.
preprocessor stream4_reassemble
# Portscan detector; arguments are monitored network, port count, detection period
# in seconds, and log file: here 4 ports within 3 seconds against $HOME_NET.
# portscan.log is presumably created relative to the log directory — confirm.
preprocessor portscan: $HOME_NET 4 3 portscan.log


# Rule files, loaded in the order listed.
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/info.rules
include $RULE_PATH/local.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
# NOTE(review): scan.rules is already included above; this second include is redundant.
include $RULE_PATH/scan.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/chat.rules
# NOTE(review): classification definitions are pulled in after most rule files. Snort
#   distributions normally ship them as classification.config and load that before any
#   rule that carries a classtype — confirm this file name exists and move the include
#   ahead of the rule files if so.
include $RULE_PATH/classification.rules
include $RULE_PATH/ddos.rules
# NOTE(review): presumably holds retired rules — confirm it is meant to be loaded.
include $RULE_PATH/deleted.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/dos.rules 
    