[Snort-users] Snort re-setup issues

Greg Webster greg at ...9390...
Tue Apr 27 14:54:00 EDT 2004


Maybe I just need to bounce this off someone for a sanity check...advice
would be great.

Our old SNORT box completely died, so I was unable to get the config
file from there to make this easy.

The real problem now is that it's not logging anything coming in.
/var/log/snort/alert is empty.

Here's some quick facts to hopefully narrow down the solution:
- Snort box IP address: on eth0
- eth0 is set to promiscuous mode
- Snort is listening to 64.69.xxx.xxx/27
- The log files are created and appropriate permissions are given
- I've tried to change Snort to listen to, and
portscanning from another box in that network, but Snort didn't log it.
- The box is behind two switches...

I haven't seen a solution in my searching...any thoughts on where to go



More information about the Snort-users mailing list