[Snort-users] Snort re-setup issues
greg at ...9390...
Tue Apr 27 14:54:00 EDT 2004
Maybe I just need to bounce this off someone for a sanity check...advice
would be great.
Our old SNORT box completely died, so I was unable to get the config
file from there to make this easy.
The real problem now is that it's not logging anything coming in.
/var/log/snort/alert is empty.
Here's some quick facts to hopefully narrow down the solution:
- Snort box IP address: 192.168.42.51 on eth0
- eth0 is set to promiscuous mode
- Snort is listening to 64.69.xxx.xxx/27
- The log files are created and appropriate permissions are given
- I've tried to change Snort to listen to 192.168.42.0/24, and
portscanning from another box in that network, but Snort didn't log it.
- The box is behind two switches...
I haven't seen a solution in my searching...any thoughts on where to go
More information about the Snort-users