[Snort-users] Newbie Questions

Davis Lee lee_d at ...13965...
Thu Oct 26 18:10:15 EDT 2006


Greetings & TIA,

I have two boxes plugged into the same switch. 

One is Snort 2.44 on FC4 displayed through Base 1.2.2 (cindy).

Two is Snort 2.6.02 on FC5 displayed through Base 1.2.6 (Christine).

AFAIK, the snort.conf files are identical (at least my visual step
through shows them to be the same). Also, the local.rules file is almost
the same, except for the order of listing. 

Cindy is giving me a whole lot more info than Christine. Christine only
shows UDP, and misses a lot of info that Wireshark, running on her box,
does show.

Where should I start in order to get more info from Christine? I've
looked at var/log/snort and I think Christine is reporting all she sees.



Thanks,
Davis Lee




