[Snort-users] Snort re-setup issues
greg at ...9390...
Thu Apr 29 16:48:04 EDT 2004
Thanks, but we got it solved. It ended up being a problem with the
switch and not having the server on the right vlan to listen to the
traffic properly :)
On Tue, 2004-04-27 at 17:32, Truax, Shawn (MBS) wrote:
> Hi Greg,
> Can you put a copy of your snort.conf up to look at? As well, try
> running a tcpdump on your interface (eth0) to see if traffic is being
> captured. It seems from your email here you are not sure if snort is
> actually seeing traffic.
> Shawn Truax
> Security Specialist
> Corporate Security
> 155 University Ave.
> Toronto, Ontario
> M5H 3B7
> -----Original Message-----
> From: Greg Webster [mailto:greg at ...9390...]
> Sent: April 27, 2004 5:53 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort re-setup issues
> Maybe I just need to bounce this off someone for a sanity
> would be great.
> Our old SNORT box completely died, so I was unable to get the config
> file from there to make this easy.
> The real problem now is that it's not logging anything coming in.
> /var/log/snort/alert is empty.
> Here's some quick facts to hopefully narrow down the solution:
> - Snort box IP address: 192.168.42.51 on eth0
> - eth0 is set to promiscuous mode
> - Snort is listening to 64.69.xxx.xxx/27
> - The log files are created and appropriate permissions are given
> - I've tried to change Snort to listen to 192.168.42.0/24, and
> portscanning from another box in that network, but Snort didn't log
> - The box is behind two switches...
> I haven't seen a solution in my searching...any thoughts on where to
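Added example (not part of the original thread): the tcpdump check suggested above, turned into a script that tells a sensor seeing only its own and broadcast traffic, the symptom of the switch/VLAN problem reported in the reply, from one that also sees other hosts' conversations. The function names, the sample capture lines and the `.255` broadcast heuristic are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify `tcpdump -nn` text output read on stdin.
# Live use (assumed invocation): tcpdump -nn -i eth0 -c 200 | sensor_view 192.168.42.51
sensor_view() {
    awk -v self="$1" '
    function ip(a,   p, n) {              # drop trailing ":" and the port suffix
        sub(/:$/, "", a)
        n = split(a, p, ".")
        return (n >= 4) ? p[1] "." p[2] "." p[3] "." p[4] : a
    }
    $2 != "IP" { other++; next }          # ARP and other non-IPv4 lines
    {
        src = ip($3); dst = ip($5)
        split(dst, o, ".")
        if (src == self || dst == self)        own++      # sensor is an endpoint
        else if (o[1] >= 224 || o[4] == 255)   flood++    # multicast/broadcast (heuristic)
        else                                   transit++  # unicast between other hosts
    }
    END {
        printf "own=%d flood=%d transit=%d other=%d ", own, flood, transit, other
        print (transit > 0) ? "verdict=SEES_TRANSIT" : "verdict=BLIND"
    }'
}

# Constructed sample: what an unmirrored switch port typically delivers
# (traffic to/from the sensor itself, plus broadcasts).
blind_sample() {
cat <<'EOF'
16:40:01.000001 IP 192.168.42.10.51234 > 192.168.42.51.22: Flags [S], seq 1, win 5840, length 0
16:40:01.000200 IP 192.168.42.51.22 > 192.168.42.10.51234: Flags [S.], seq 9, ack 2, win 5792, length 0
16:40:02.000000 ARP, Request who-has 192.168.42.1 tell 192.168.42.10, length 46
16:40:03.000000 IP 192.168.42.10.138 > 192.168.42.255.138: UDP, length 201
EOF
}

# Constructed sample: the same capture plus one conversation between two other hosts.
mirrored_sample() {
    blind_sample
    echo '16:41:00.000000 IP 192.168.42.10.40000 > 192.168.42.20.80: Flags [S], seq 5, win 5840, length 0'
}
```

A `verdict=BLIND` result on a busy segment points at the switch side (port mirroring, VLAN membership) rather than at snort.conf, since promiscuous mode only helps with frames the switch actually delivers to the port.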