[Snort-users] subnet alerting problem
Al Lewis (allewi)
allewi at cisco.com
Wed Jan 23 08:11:39 EST 2019
Are you spanning all network traffic or running snort inline? If not.. snort isn’t seeing all of the traffic on your network.
Cisco Systems Inc.
Email: allewi at cisco.com<mailto:allewi at cisco.com>
From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of basan via Snort-users <snort-users at lists.snort.org>
Reply-To: basan <basan_j at hotmail.com>
Date: Wednesday, January 23, 2019 at 7:46 AM
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] subnet alerting problem
I recently downloaded and installed snort3 on ubuntu 18, it is working fine but it gives me alert only for its interface IP address, although I have used the entire subnet range for the HOME_NET in the snort.lua configuration. Is there a way that snort can give me alert for all the hosts in the HOME_NET range addresses?
Below is the command that I use to run snort:
snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules \-i ens5 -A alert_fast -s 65535 -k none
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users