Patrick S. Harper - CISSP
lists at ...4250...
Fri Aug 1 13:28:16 EDT 2003
It sounds like you are on a switch. Depending on what kind of switch you are on you can set a span or monitor port that sees all traffic that passes through the switch
I used Patrick S. Harper's install guide, Snort, Apache, PHP, MySQL, ACID on Redhat 9.0 Installation Guide , without any problems. Here is my problem: When I perform a Nessus audit on a machine on my local network, Snort does not log any intrusion detection activity. But, when I direct the Nessus audit directly at the box running Snort, the log files are generated and can be viewed using Acid. In my snort.conf file, I defined my local network as 192.168.0.0/24, which covers a small windows environment. BTW, using Snort 2.0. The Snort box is located on my local network at 192.168.0.198. Why does it not register,log, or recognize attacks directed at machines within its local network? Any help will be greatly appreciated...Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users