[SPAM] - [Snort-users] Snort not logging all packets - Email found in subject

Marc Hering mhering at ...13116...
Mon Mar 7 12:13:28 EST 2005

Logging in /var/log/messages????  YOu may not want to do that. I log in
/var/log/sensorname/snort/    Also is your NIC card working ok?   and
what machine specs?


From: sEc nErD [mailto:umkcguy1978 at ...131...] 
Sent: Monday, March 07, 2005 3:02 PM
To: Marc Hering; snort-users at lists.sourceforge.net
Subject: RE: [SPAM] - [Snort-users] Snort not logging all packets -
Email found in subject

I am logging snort in the /var/log/messages and also on a remote
security information management system like netforensics.
I can see some http insepct preprocessor messages but i know its missing
out on a lot of them.
below si the tcpdump output.
this is what i see when i do tcpdump
#tcpdump -i eth1

tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:08:26.965161 IP >
1 packets captured
670 packets received by filter
622 packets dropped by kernel

Marc Hering <mhering at ...13116...> wrote:

	Are you logging into the console? Or via an SSH session?


	From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sEc nErD
	Sent: Monday, March 07, 2005 2:41 PM
	To: snort-users at lists.sourceforge.net
	Subject: [SPAM] - [Snort-users] Snort not logging all packets -
Email found in subject

	Hi all,
	I am runnning snort on a fedora box and i started with a doubt
that it is not logging all the packets.
	I checked it with tcp dump and when i stop tcpdump i see 90% of
the packets being dropped by the kernel.
	When i see /var/log/messages 
	i see the below error for both sniffing interfaces
	OpenPcap() device eth0 network lookup:  ^Ieth0: no IPv4 address
	I checked the version of libpcap running it is
	 " libpcap-0.8.3-3 "
	Output of # uname -a  

	Linux localhost.localdomain 2.6.5-1.358smp #1 SMP Sat May 8
09:25:36 EDT 2004 i686 i686 i386 GNU/Linux
	If anybody could help me on this i would really appreciate it.
	thanks all,



	Celebrate Yahoo!'s 10th Birthday! 
	Yahoo! Netrospective: 100 Moments of the Web

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050307/3421b1a7/attachment.html>

More information about the Snort-users mailing list