[Snort-users] Couple of questions.

Joel Esler (jesler) jesler at ...589...
Mon Jun 9 18:27:52 EDT 2014


On Jun 9, 2014, at 6:19 PM, Allan <yummycheese at ...6696...> wrote:

Hello,

Snort newbie here.

I have a few questions.

When I run Snort on my WAN interface it doesn't log most of the alerts. I'll scan my IP from a friend's house using Nessus and all that really shows up is a port scan from his IP.

If I run Snort on my LAN interface everything shows up from the Nessus scan, which is good, but the problem with that is I get 100s of alerts from my private IPs going out to the internet. I tried ignoring the alerts with a BPF file with !(src net 192.168.1.0/24) but that just seems to stop logging all alerts.

Snort is running on my FreeBSD gateway firewall.

Why would running Snort on my WAN interface only show port scans and a few other alerts?

Did you try this?

https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team