[Snort-users] subnet alerting problem

Al Lewis (allewi) allewi at cisco.com
Wed Jan 23 08:11:39 EST 2019


Are you spanning all network traffic or running Snort inline? If not, Snort isn’t seeing all of the traffic on your network.

Albert Lewis
Cisco Systems Inc.
Email: allewi at cisco.com

From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of basan via Snort-users <snort-users at lists.snort.org>
Reply-To: basan <basan_j at hotmail.com>
Date: Wednesday, January 23, 2019 at 7:46 AM
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] subnet alerting problem

I recently downloaded and installed snort3 on Ubuntu 18. It is working fine, but it gives me alerts only for its interface IP address, although I have used the entire subnet range for HOME_NET in the snort.lua configuration. Is there a way that Snort can give me alerts for all the hosts in the HOME_NET address range?

Below is the command that I use to run snort:
snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules -i ens5 -A alert_fast -s 65535 -k none

