[Snort-users] eth0 interface does not log? anyone?

Erek Adams erek at ...950...
Thu Jun 19 06:29:15 EDT 2003


On Wed, 18 Jun 2003, hallian hallian wrote:

> I have snort installed and I'm trying to monitor both eth0 and eth1
> interfaces within my test lab.  What has baffled me the entire day is that I
> can only log alerts from my eth1 and NOT eth0.  Its making me crazy!  This
> sis what I have and read thru the FAQ too.
>
> I'm running this command:
>
> /usr/local/bin/snort -i eth0 -l /var/log/snort -c /etc/snort/snort.conf -u
> snort -g snort -d -s -A fast
>
> I see all the packets coming thru but no logs/alerts even though i ran
> nmap!!!! But it works for eth1.  I have not touched my snorf.conf file
> except for my:
>
> var EXTERNAL_NET any
> var HOME_NET 10.1.1.0/24

Sounds like a misconfiguration issue.

Start simple to test.

	snort -dv -i eht0

If you see packets fly by, then Snort is working just fine and it's your
config file.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list