[Snort-users] Snort isn't doing anything..

Harper, Patrick Patrick.Harper at ...11593...
Wed Mar 2 15:12:44 EST 2005

Is it a true hub? Some hubs are really switches.  The archives have a
lot about this issue.  What make and model?

-----Original Message-----
From: Marc Hering [mailto:mhering at ...13116...] 
Sent: Wednesday, March 02, 2005 4:09 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort isn't doing anything..

Hey Everyone...

I just set up my first snort box running on Fedora Core 3.  I installed
everything, including ACID and started snort up...It starts up just fine
and a ps auxww |grep snort shows that the app is running..
502       3740  0.7 14.5 41444 37196 ?       Ss   16:56   0:01 /usr/local/bin/snort -c /usr/local/snort/etc/snort.conf -i eth1 -g snortgroup -D -u snortuser

However, if I run an nmap scan (doesn't matter what options) on any host
on my network (Snort can see it, it's on a hub) it doesn't log anything.
So far it's only logged 1 alert for a SQL scan..  I have tried updating
the rules to no avail...
My snort.conf is the default out of the box setup, the only things I
have changed are as follows
***********************Changed items in
var RULE_PATH /usr/local/snort/rules
output database: log, mysql, user=thepropersnortuser password=snortuserspassword dbname=thesnortdatabase host=localhost
  (Names have been changed to protect the innocent  :) )
 output alert_syslog: LOG_LOCAL3
 output alert_fast: snort.log
 output alert_full: alert.full

