[Snort-users] Snort 2.0 not logging any alerts
mkettler at ...4108...
Wed Apr 30 15:55:03 EDT 2003
At 05:35 PM 4/30/2003 -0400, stormshadow wrote:
>snort -dev -l log -h 192.168.1.0/24 -c snort.conf
>from root directory. I created a /log within this directory for snort.
>Snort isn't logging anything to the "alert" file in the /log
In this mode, it won't.. you've not daemonized snort so it will run in
interactive mode all the alerts will be logged to standard out. You'll need
to specify -D to daemonize snort if you want it to detach from your current
session and log to /var/log/snort
> I run snort again, I open up another shell and do:
>tail -f /var/log/snort/alert. I then nmap the snort machine but no logs
Well, if the above isn't the crux of your problem you left out a lot of
information about your setup and the test you performed that might be useful
What is HOME_NET and EXTERNAL_NET set to in your snort.conf? (note that -h
on the command line does no serve the same function as var HOME_NET
Is the source of the nmap scan in either of these ranges?
Is the snort machine itself (ie: target of the nmap) in either of these ranges?
More information about the Snort-users