[Snort-users] eth0 interface does not log? anyone?

Erek Adams erek at ...950...
Thu Jun 19 06:29:15 EDT 2003

On Wed, 18 Jun 2003, hallian hallian wrote:

> I have snort installed and I'm trying to monitor both eth0 and eth1
> interfaces within my test lab.  What has baffled me the entire day is that I
> can only log alerts from my eth1 and NOT eth0.  Its making me crazy!  This
> sis what I have and read thru the FAQ too.
> I'm running this command:
> /usr/local/bin/snort -i eth0 -l /var/log/snort -c /etc/snort/snort.conf -u
> snort -g snort -d -s -A fast
> I see all the packets coming thru but no logs/alerts even though i ran
> nmap!!!! But it works for eth1.  I have not touched my snorf.conf file
> except for my:
> var EXTERNAL_NET any
> var HOME_NET

Sounds like a misconfiguration issue.

Start simple to test.

	snort -dv -i eht0

If you see packets fly by, then Snort is working just fine and it's your
config file.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list