[Snort-users] empty logs..how come ??
mkettler at ...4108...
Thu Apr 17 08:28:23 EDT 2003
Have you verified that snort is actually running?
I noticed you included deleted.rules. Those rules aren't intended to be
used and some have typos that will keep snort from running. If you're
running snort in daemon mode, it might not be obvious that it's failing to
read your rule files and is bailing out.
Run snort in non-daemon mode and see if it comes up properly. This will
also let you watch alerts on the console, in case the logs are going
someplace other than your alerts file.
As for the portscan, if you're using the portscan preprocessor it should
detect simple "sweeps" of all the ports on a machine.
At 12:26 PM 4/17/2003 +0200, Bart Decker wrote:
>I recently configured Snort...as a newbie I don't know all the ins and
>outs and maybe I didn't get the whole IDS story.
>I'm portscanning myself crazy, but I can't see anything in the logs.
>They stay empty all the time.