[Snort-users] got a little problem with acid and snort logging

Michael Steele michaels at ...9077...
Sat Nov 22 22:27:02 EST 2003


Which directions did you follow?

Try running the complete run line with a -T at the end.

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels at ...9077...    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of qodqod
> Sent: Saturday, November 22, 2003 9:54 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] got a little problem with acid and snort logging
> 
> 
> hi guys, i just installed snort following the newest version of
> snort, acid, and redhat 9 it is dated 11/9/03, i ran thru it
> with no porblems but i do cannt get acid to have the output
> right
> Sensors: 0
> Unique Alerts: 0    (   0 categories   )
> Total Number of Alerts: 0
> 
>     * Source IP addresses: 0
>     * Dest. IP addresses: 0
>     * Unique IP links 0
> 
>     * Source Ports: 0
>           o TCP ( 0)  UDP ( 0)
>     * Dest. Ports: 0
>           o TCP ( 0)  UDP ( 0)
> 
> notice that the sensors is 0 but i am running snort, with these
> options
> snort -devbc /etc/snort/snort.conf
> 
> i also have all the rules installed in the proper place, but one
> look at the log reveals that there are no logs in the
> /var/log/snort/ i only see
> 
> -rw-------    1 root     snort           0 Nov 22 21:41 alert
> -rw-------    1 root     root            0 Nov 22 21:41
> portscan.log
> 
> yet snort has been running for almost 3 hours. i am running ADSL
> and my config file for snort is setup like this
> var HOME_NET 68.75.100.43/32
> 
> var EXTERNAL_NET !$HOME_NET
> 
> 
> i also searched google with no luck
> 
> thank you
> ________________________________
> 15 Mbytes Free Web-based and  POP3
> Sign up now: http://www.gawab.com
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list