Snort mailing list archives

Re: New snort install ipvar issue
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 24 Dec 2010 13:31:35 -0700

Here we go:

root     31407     1  0 11:58 ?        00:00:12 /opt/bin/snort -i ppp0 -D -c

I've also tried what I had before, which was eth1...I was getting alerts with
older snort version:

Dec 24 08:46:30 gateway snort[1779]: [122:20:0] (portscan) UDP Distributed
Portscan [Priority: 3] {PROTO:255} -> externalIP

But no longer.  Complete configline is:

./configure --prefix=/opt --with-dnet-includes=/opt/include
--with-dnet-libraries=/opt/lib --with-daq-includes=/opt/lib
--with-daq-libraries=/opt/lib --enable-ipv6 --enable-zlib

Really strange.

Thank you.


From:  John Gay <john.gay () sourcefire com>
Date:  Fri, 24 Dec 2010 15:16:16 -0500
To:  James Lay <jlay () slave-tothe-box net>
Cc:  Snort <snort-users () lists sourceforge net>
Subject:  Re: [Snort-users] New snort install ipvar issue

What command are you using to start snort? Can you show the results of ps
-ef | grep snort

On Dec 24, 2010 2:40 PM, "James Lay" <jlay () slave-tothe-box net> wrote:
Thanks John...not running IPv6, but eh...whatever works.  Now it seems I've
muffed something as I get no alerts whatsoever even after doing an nmap on
it.  I did have running fine on this, but now it seems nothing
causes an alert.  Anyone have any hints on why this would fire any alerts?
I even am testing ping outbound and inbound and nothing.  Config below:


What command are you using to start snort? What output are you using?  Can
you show the results of ps -ef | grep snort

