[Snort-users] Snort not capturing data

Nigel Houghton nigel at ...1935...
Fri Oct 8 10:23:30 EDT 2004


On  0, snort-users-request at lists.sourceforge.net allegedly wrote:
> 
> --__--__--
> 
> Message: 1
> Date: Fri, 08 Oct 2004 08:43:19 -0700
> From: Ravi Verma <ravi.verma at ...12525...>
> To: Shawn Kottke <skottke at ...11993...>
> CC:  snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort not capturing data
> 
> Dear Shawn:
> 
> I checked the value for EXTERNAL_NET and it is set to ANY.  Snort  would 
> not start if EXTERNAL_NET is not defined. Now the entries in snort.conf 
> look  as follows.
> 
> var HOME_NET [10.1.0.0/16,10.2.0.0/16,10.4.0.0]
> 
> var EXTERNAL_NET !$HOME_NET
> 
> Still Snort is not writing any data into mysql.

And it never will until you tell it to do so in your snort.conf.

Your only output line (as far as I can see from the mangled snort.conf) is
output log_tcpdump: tcpdump.log

There isn't any output defined for a database.

+-----------------------------------------------------------------+
    Nigel Houghton      Research Engineer       Sourcefire Inc.
                  Vulnerability Research Team

 Cat: "Forget red - let's go all the way up to brown alert!"
 Kryten: "There's no such thing as a brown alert sir."
 Cat: "You won't be saying that in a minute!"




More information about the Snort-users mailing list