[SPAM] - [Snort-users] Snort not logging all packets - Email found in subject
umkcguy1978 at ...131...
Mon Mar 7 12:02:24 EST 2005
I am logging Snort in the /var/log/messages and also on a remote security information management system like netforensics.
I can see some http inspect preprocessor messages, but I know it's missing out on a lot of them.
Below is the tcpdump output.
This is what I see when I do tcpdump:
#tcpdump -i eth1
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:08:26.965161 IP 22.214.171.124 > 126.96.36.199: ESP(spi=0x96ebf27b,seq=0x503)
1 packets captured
670 packets received by filter
622 packets dropped by kernel
Marc Hering <mhering at ...13116...> wrote:
Are you logging into the console? Or via an SSH session?
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sEc nErD
Sent: Monday, March 07, 2005 2:41 PM
To: snort-users at lists.sourceforge.net
Subject: [SPAM] - [Snort-users] Snort not logging all packets - Email found in subject
I am running Snort on a Fedora box and I started with a doubt that it is not logging all the packets.
I checked it with tcpdump, and when I stop tcpdump I see 90% of the packets being dropped by the kernel.
When I see /var/log/messages, I see the below error for both sniffing interfaces:
OpenPcap() device eth0 network lookup: ^Ieth0: no IPv4 address assigned
I checked the version of libpcap running; it is
" libpcap-0.8.3-3 "
Output of # uname -a
Linux localhost.localdomain 2.6.5-1.358smp #1 SMP Sat May 8 09:25:36 EDT 2004 i686 i686 i386 GNU/Linux
If anybody could help me on this, I would really appreciate it.