[Snort-users] Snort 2.6.1 Stops Logging

Eric J. Feldhusen efeldhusen.lists at ...11827...
Wed Nov 22 12:37:08 EST 2006


rmkml wrote:
 > do you have compiled snort ?
 > what version snort binary you have ?

I used the snort 2.6.1 and snort 2.6.1-mysql rpms from the snort 
downloads.  The ruleset I used is the non-scriber current as of November 
19th.  The OS is rhel4u4, minimum install, fully up to date, with the 
only other installed rpms being the rrdtool, rrd-devel, perl-rrd, and 
ntop from the Dag's repository, and webmin 1.300 rpm.

 > how bandwith you have ?

The snort box has dual gigabit ethernet interfaces, one for accessing 
the box via an IP, and the other is in promisious mode without an IP. 
My switch is sending about 16Mbps at peak to the stealth interface, 
average is about 12Mbps.

 > do you use snort inline or only snort on ids mode ?

IDS mode

>  snort.conf
See attached snortconf
>  ps axwwl
see attached snortpsaxwwl
>  snort cmd option
see attached snortcmdoption
>  your log
I wasn't sure which log here?

> Best Regards
> Rmkml

-- 
Eric Feldhusen
Network Administrator    http://www.remc1.org
eric at ...13995...
PO Box 270              (906) 482-4520  x239
809 Hecla St            (906) 482-5031 fax
Hancock, MI  49930      (906) 370 6202 mobile
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.conf
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061122/1e835826/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snortpsaxwwl
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061122/1e835826/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snortcmdoption
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061122/1e835826/attachment-0002.ksh>


More information about the Snort-users mailing list