[Snort-users] subnet alerting problem

Al Lewis (allewi) allewi at cisco.com
Wed Jan 23 08:11:39 EST 2019


Hello,

Are you spanning all network traffic or running snort inline? If not, snort isn’t seeing all of the traffic on your network.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi at cisco.com


From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of basan via Snort-users <snort-users at lists.snort.org>
Reply-To: basan <basan_j at hotmail.com>
Date: Wednesday, January 23, 2019 at 7:46 AM
To: "snort-users at lists.snort.org" <snort-users at lists.snort.org>
Subject: [Snort-users] subnet alerting problem

Hello,
I recently downloaded and installed snort3 on Ubuntu 18. It is working fine, but it gives me alerts only for its interface IP address, although I have used the entire subnet range for the HOME_NET in the snort.lua configuration. Is there a way that snort can give me alerts for all the hosts in the HOME_NET address range?

Below is the command that I use to run snort:
snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/snort/rules/local.rules -i ens5 -A alert_fast -s 65535 -k none

Thanks,
Basan
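
Added example, not part of the original thread: one way to confirm the symptom discussed above from alert_fast output. If every alert has the sensor's own address as source or destination, Snort is only seeing traffic addressed to its interface rather than mirrored or inline traffic. The alert line layout, the addresses, and the function names are assumptions, and the sample alerts are constructed.

```python
import ipaddress
import re

# Constructed alerts in the assumed alert_fast layout; addresses are made up.
SENSOR_ONLY = """\
01/23-07:40:01.100001 [**] [1:1000001:1] "ICMP test" [**] [Priority: 0] {ICMP} 192.168.1.50 -> 192.168.1.10
01/23-07:40:02.200002 [**] [1:1000002:1] "SSH test" [**] [Priority: 0] {TCP} 192.168.1.50:40112 -> 192.168.1.10:22
"""
MIRRORED = SENSOR_ONLY + """\
01/23-07:40:05.500005 [**] [1:1000001:1] "ICMP test" [**] [Priority: 0] {ICMP} 192.168.1.20 -> 192.168.1.30
"""

# Trailing "{PROTO} src[:port] -> dst[:port]" part of an alert line.
ENDPOINTS = re.compile(r"\{\w+\}\s+(\S+)\s+->\s+(\S+)\s*$")

def _ip(endpoint):
    """Drop an optional :port from an IPv4 endpoint; None if it is not an IP."""
    host = endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def visibility_report(alert_text, home_net, sensor_ip):
    """Summarise whether alerts ever involve HOME_NET hosts other than the sensor."""
    net = ipaddress.ip_network(home_net)
    sensor = ipaddress.ip_address(sensor_ip)
    total = with_sensor = 0
    others = set()
    for line in alert_text.splitlines():
        m = ENDPOINTS.search(line)
        if not m:
            continue
        src, dst = _ip(m.group(1)), _ip(m.group(2))
        if src is None or dst is None:
            continue  # endpoint not parsed (e.g. IPv6 with port); skipped here
        total += 1
        if sensor in (src, dst):
            with_sensor += 1
        else:
            others.update(str(h) for h in (src, dst) if h in net)
    return {
        "alerts": total,
        "involving_sensor": with_sensor,
        "other_home_hosts": sorted(others),
        # True matches the thread's symptom: only the sensor's own traffic alerts.
        "sensor_only": total > 0 and with_sensor == total,
    }
```

A result with `sensor_only` set to True after generating test traffic between two other HOME_NET hosts points at the capture setup (no SPAN port or inline placement), not at the HOME_NET setting.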
