[Snort-users] subnet alerting problem

zap.beeb zap.beeb at web.de
Thu Feb 7 11:04:23 EST 2019


Unsubscribe
On Jan 23, 2019 2:11 PM, "Al Lewis (allewi) via Snort-users" <snort-users at lists.snort.org> wrote:
>
> Hello,
>
>  
>
> Are you spanning all network traffic or running snort inline? If not.. snort isn’t seeing all of the traffic on your network.
>
>  
>
>  
>
> Albert Lewis
>
> ENGINEER.SOFTWARE ENGINEERING
>
> Cisco Systems Inc.
>
> Email: allewi at cisco.com 
>
>  
>
>  
>
> From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of basan via Snort-users <snort-users at lists.snort.org>
> Reply-To: basan <basan_j at hotmail.com>
> Date: Wednesday, January 23, 2019 at 7:46 AM
> To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
> Subject: [Snort-users] subnet alerting problem
>
>  
>
> Hello,
>
> I recently downloaded and installed snort3 on ubuntu 18, it is working fine but it gives me alert only for its interface IP address, although I have used the entire subnet range for the HOME_NET in the snort.lua configuration. Is there a way that snort can give me alert for all the hosts in the HOME_NET range addresses?
>
>  
>
> Below is the command that I use to run snort:
>
> snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules \-i ens5 -A alert_fast -s 65535 -k none
>
>  
>
> Thanks,
>
> Basan
>
>  


More information about the Snort-users mailing list