[Snort-users] Snort isn't doing anything..

Marc Hering mhering at ...13116...
Wed Mar 2 14:11:10 EST 2005

Hey Everyone...

I just set up my first snort box running on Fedora Core 3.  I installed
everything, including ACID, and started snort up... It starts up just fine
and a ps auxww |grep snort shows that the app is running:
502       3740  0.7 14.5 41444 37196 ?       Ss   16:56   0:01 /usr/local/bin/snort -c /usr/local/snort/etc/snort.conf -i eth1 -g snortgroup -D -u snortuser

However, if I run an nmap scan (doesn't matter what options) on any host
on my network (Snort can see it, it's on a hub) it doesn't log anything.
So far it's only logged 1 alert for a SQL scan.  I have tried updating
the rules to no avail...
My snort.conf is the default out-of-the-box setup; the only things I
have changed are as follows:
***********************Changed items in
var RULE_PATH /usr/local/snort/rules
output database: log, mysql, user=thepropersnortuser password=snortuserspassword dbname=thesnortdatabase host=localhost
  (Names have been changed to protect the innocent  :) )
output alert_syslog: LOG_LOCAL3
output alert_fast: snort.log
output alert_full: alert.full


