[Snort-users] Snort missing traffic...?
p.jones.ml at ...8985...
Thu May 8 07:36:07 EDT 2003
Hello all. (Second try)
Just completed a new install. Snort 2.0, RH9 with mysql and acid on a
server that is 347MHz with 256 MB ram.
(I would like to consider myself learned, but often find that my lack of
experience places me in the newb category)
I ran some exploits on the snort server and acid reported them. I ran the
same exploits on a server in the same sub-net and acid does not report any
of this. I looked at the alert file in /var/log/snort and nothing regarding
the exploits run against the other server are there. I am confused. I
specified my HOME_NET, for example 10.25.1.0/24... The snort server is
10.24.1.24 and the server I also ran exploits on is 10.25.1.20.
The ethernet link to hub and to other parts of the network are all 100
base. Could it be the speed of the server? Not sure where to go, I know
that I must tune the server, but I do not know what to tune if it is not
seeing even purposeful exploits...I will be more than happy to give any
more info that anyone requires to help me figure this out...except for the
root password to my machine ;-)
More information about the Snort-users