[Snort-users] empty logs..how come ??

Matt Kettler mkettler at ...4108...
Thu Apr 17 08:28:23 EDT 2003


Have you verified that snort is actually running?

I noticed you included deleted.rules. Those rules aren't intended to be 
used and some have typos that will keep snort from running. If you're
running snort in daemon mode, it might not be obvious that it's failing to 
read your rule files and is bailing out.

Run snort in non-daemon mode and see if it comes up properly. This will 
also let you watch alerts on the console, in case the logs are going 
someplace other than your alerts file.

As for the portscan, if you're using the portscan preprocessor it should 
detect simple "sweeps" of all the ports on a machine.

At 12:26 PM 4/17/2003 +0200, Bart Decker wrote:
>I recently configured Snort...as a newbie I don't know all the ins and
>outs and maybe I didn't get the whole IDS story.
>I'm portscanning myself crazy, but I can't see anything in the logs.
>They stay empty all the time.




