[SPAM] - [Snort-users] Snort not logging all packets - Email found in subject

sEc nErD umkcguy1978 at ...131...
Mon Mar 7 12:02:24 EST 2005


I am logging snort in the /var/log/messages and also on a remote security information management system like netforensics.
I can see some http insepct preprocessor messages but i know its missing out on a lot of them.
below si the tcpdump output.
 
 
this is what i see when i do tcpdump
 
#tcpdump -i eth1

tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:08:26.965161 IP 12.40.44.251 > 69.151.58.226: ESP(spi=0x96ebf27b,seq=0x503)
1 packets captured
670 packets received by filter
622 packets dropped by kernel

Marc Hering <mhering at ...13116...> wrote:
Are you logging into the console? Or via an SSH session?


---------------------------------
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sEc nErD
Sent: Monday, March 07, 2005 2:41 PM
To: snort-users at lists.sourceforge.net
Subject: [SPAM] - [Snort-users] Snort not logging all packets - Email found in subject




Hi all,
 
I am runnning snort on a fedora box and i started with a doubt that it is not logging all the packets.
I checked it with tcp dump and when i stop tcpdump i see 90% of the packets being dropped by the kernel.
When i see /var/log/messages 
i see the below error for both sniffing interfaces
 
OpenPcap() device eth0 network lookup:  ^Ieth0: no IPv4 address assigned
 
I checked the version of libpcap running it is
 " libpcap-0.8.3-3 "
Output of # uname -a  

Linux localhost.localdomain 2.6.5-1.358smp #1 SMP Sat May 8 09:25:36 EDT 2004 i686 i686 i386 GNU/Linux
 
If anybody could help me on this i would really appreciate it.
thanks all,
kaps



 

---------------------------------
Celebrate Yahoo!'s 10th Birthday! 
Yahoo! Netrospective: 100 Moments of the Web 
__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050307/0ee53f52/attachment.html>


More information about the Snort-users mailing list