<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<STYLE>BODY {
        BACKGROUND-POSITION: right top; FONT-SIZE: 10pt; COLOR: #000000; BACKGROUND-REPEAT: no-repeat; FONT-FAMILY: ADMUI3Lg
}
</STYLE>

<META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<DIV>I have set this up before, but this is the first time on Red Hat I've had an
issue with snort not logging alerts whatsoever.<BR><BR>
Config file:<BR><BR>
output alert_syslog: LOG_LOCAL3 LOG_INFO<BR>
var HOME_NET x.x.x.x.0/28<BR>
var DNS_SERVER x.x.x.x/32<BR>
preprocessor http_decode: 80<BR>
preprocessor minfrag: 128<BR>
preprocessor portscan: $HOME_NET 25 5 /var/log/portscan.log<BR>
preprocessor portscan-ignorehosts: $DNS_SERVER<BR><BR>
include /home/snort/nids/webcgi-lib<BR>
include /home/snort/nids/webcf-lib<BR>
include /home/snort/nids/webiis-lib<BR>
include /home/snort/nids/webfp-lib<BR>
include /home/snort/nids/webmisc-lib<BR>
include /home/snort/nids/overflow-lib<BR>
include /home/snort/nids/finger-lib<BR>
include /home/snort/nids/ftp-lib<BR>
include /home/snort/nids/smtp-lib<BR>
include /home/snort/nids/telnet-lib<BR>
include /home/snort/nids/misc-lib<BR>
include /home/snort/nids/netbios-lib<BR>
include /home/snort/nids/misc-lib<BR>
include /home/snort/nids/scan-lib<BR>
include /home/snort/nids/ddos-lib<BR>
include /home/snort/nids/backdoor-lib<BR>
include /home/snort/nids/ping-lib<BR>
include /home/snort/nids/rpc-lib<BR>
include /home/snort/nids/email-virus-lib<BR><BR>
Syslog conf file:<BR><BR>
#Keith =)<BR>
local3.info             /var/log/systemsec<BR><BR>
When I run snort in verbose I see all traffic on the physical and virtual
interface, but once I apply the rules snort goes blind.<BR></DIV>
<DIV>Syslog is working, as I tested it, so it comes down to snort not working 
right.</DIV>
<DIV> </DIV>
<DIV>It was a basic config with no special options:</DIV>
<DIV> </DIV>
<DIV>./configure</DIV>
<DIV>make</DIV>
<DIV> </DIV>
<DIV>SSL and SQL are running; I wasn't sure how to disable SSL or SQL from the 
snort configure.</DIV></BODY></HTML>