[Snort-users] Snort Just Does Not Want To Work on Shadow Interface

Rhugga snort-list at ...12135...
Tue Jul 20 15:40:37 EDT 2004


Will someone please find a large heavy cinder block and smash it over my 
head.

Once I got snort reading the interface w/o an IP address it was matching 
rules. I was being tired and lazy and using Acid to determine this 
(after a 16-hr day and 3 fattening catered meals). I actually have 2 acid 
directories, one that uses my internal sensor database and 1 that uses a 
database for my external sensor. I have the internal IDS off so it was 
not logging anything. I was looking at the internal snort's database 
via acid to see what my external sensor was doing. Duh. If I would have 
looked at the raw data stream in the first place like a normal person. 
(sorry, browsers are too easy to use, =)

Anyway, thanks for all the help all, and sorry if I was short with anyone, 
just having a ton of bricks dropped on me lately at work and blah ...... 
I'm sure everyone here is in the same boat in this economy. Same IT 
workload, 1/3 the people.

Thx,
RHugga






