[SPAM] - [Snort-users] Snort not logging all packets - Email found in subject
mhering at ...13116...
Mon Mar 7 12:13:28 EST 2005
Logging in /var/log/messages???? YOu may not want to do that. I log in
/var/log/sensorname/snort/ Also is your NIC card working ok? and
what machine specs?
From: sEc nErD [mailto:umkcguy1978 at ...131...]
Sent: Monday, March 07, 2005 3:02 PM
To: Marc Hering; snort-users at lists.sourceforge.net
Subject: RE: [SPAM] - [Snort-users] Snort not logging all packets -
Email found in subject
I am logging snort in the /var/log/messages and also on a remote
security information management system like netforensics.
I can see some http insepct preprocessor messages but i know its missing
out on a lot of them.
below si the tcpdump output.
this is what i see when i do tcpdump
#tcpdump -i eth1
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:08:26.965161 IP 22.214.171.124 > 126.96.36.199:
1 packets captured
670 packets received by filter
622 packets dropped by kernel
Marc Hering <mhering at ...13116...> wrote:
Are you logging into the console? Or via an SSH session?
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sEc nErD
Sent: Monday, March 07, 2005 2:41 PM
To: snort-users at lists.sourceforge.net
Subject: [SPAM] - [Snort-users] Snort not logging all packets -
Email found in subject
I am runnning snort on a fedora box and i started with a doubt
that it is not logging all the packets.
I checked it with tcp dump and when i stop tcpdump i see 90% of
the packets being dropped by the kernel.
When i see /var/log/messages
i see the below error for both sniffing interfaces
OpenPcap() device eth0 network lookup: ^Ieth0: no IPv4 address
I checked the version of libpcap running it is
" libpcap-0.8.3-3 "
Output of # uname -a
Linux localhost.localdomain 2.6.5-1.358smp #1 SMP Sat May 8
09:25:36 EDT 2004 i686 i686 i386 GNU/Linux
If anybody could help me on this i would really appreciate it.
Celebrate Yahoo!'s 10th Birthday!
Yahoo! Netrospective: 100 Moments of the Web
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users