[Snort-users] Snort re-setup issues

Greg Webster greg at ...9390...
Tue Apr 27 14:54:00 EDT 2004


Heya,

Maybe I just need to bounce this off someone for a sanity check...advice
would be great.

Our old SNORT box completely died, so I was unable to get the config
file from there to make this easy.

The real problem now is that it's not logging anything coming in.
/var/log/snort/alert is empty.

Here's some quick facts to hopefully narrow down the solution:
- Snort box IP address: 192.168.42.51 on eth0
- eth0 is set to promiscuous mode
- Snort is listening to 64.69.xxx.xxx/27
- The log files are created and appropriate permissions are given
(/var/log/snort)
- I've tried to change Snort to listen to 192.168.42.0/24, and
portscanning from another box in that network, but Snort didn't log it.
- The box is behind two switches...

I haven't seen a solution in my searching...any thoughts on where to go
next?

Thanks,

Greg




More information about the Snort-users mailing list