[Snort-users] Newbie Questions
lee_d at ...13965...
Thu Oct 26 18:10:15 EDT 2006
Greetings & TIA,
I have two boxes plugged into the same switch.
One is Snort 2.44 on FC4 displayed through Base 1.2.2 (cindy).
Two is Snort 2.6.02 on FC5 displayed through Base 1.2.6 (Christine).
AFAIK, the snort.conf files are identical (at least my visual step
through shows them to be the same). Also, the local.rules file is almost
the same, except for the order of listing.
Cindy is giving me a whole lot more info than Christine. Christine only
shows UDP, and misses a lot of info that Wireshark, running on her box,
Where should I start in order to get more info from Christine? I've
looked at var/log/snort and I think Christine is reporting all she sees.
More information about the Snort-users