[Snort-users] Snort 2.0 not logging any alerts

Matt Kettler mkettler at ...4108...
Wed Apr 30 15:55:03 EDT 2003

At 05:35 PM 4/30/2003 -0400, stormshadow wrote:
>snort -dev -l log -h -c snort.conf
>from root directory. I created a /log within this directory for snort.
>Snort isn't logging anything to the "alert" file in the /log

In this mode, it won't.. you've not daemonized snort so it will run in 
interactive mode all the alerts will be logged to standard out. You'll need 
to specify -D to daemonize snort if you want it to detach from your current 
session and log to /var/log/snort

>  I run snort again, I open up another shell and do:
>tail -f /var/log/snort/alert. I then nmap the snort machine but no logs
>show up!

Well, if the above isn't the crux of your problem you left out a lot of 
information about your setup and the test you performed that might be useful

What is HOME_NET and EXTERNAL_NET set to in your snort.conf? (note that -h 
on the command line does no serve the same function as var HOME_NET

Is the source of the nmap scan in either of these ranges?

Is the snort machine itself (ie: target of the nmap) in either of these ranges? 

More information about the Snort-users mailing list