Snort mailing list archives
From: "Scott Taylor" <scottt () soccer com>
Date: Tue, 19 Feb 2002 13:46:27 -0800
I'm running snort 1.8.3-5 on Red Hat 7.1. Libpcap
is 0.6.2-9. Below is showing how my sensor is
located. The external IP of my firewall is
x.x.x.27 and the IP on my sensor is x.x.x.223;
the subnet mask from my ISP is 255.255.255.0.
                   _
                  |h|
ISP-----DSL-------|u|-------snort-box
                  |b|-------firewall------|Lan|
                   -
I've set my snort.conf home_net and all the
variables regarding IP addresses to "any". If I
run snort in sniffer mode I can see traffic. If
I run in NIDS mode it shows nothing in the logs.
Even if I go to grc.com and do a portscan it
shows nothing in /var/log/snort/alert or
portscan.log. There is also a file
snort-timestamp.log but it is in binary format. I'm
trying to set up Snort Snarf to read the logs.
When I run it, it generates the page but there
are no alerts. It shows it's looking in alerts
and portscan.log. Here's the command I'm running
snort with:
snort -l /var/log/snort -c /etc/snort/snort.conf -o -b -A FULL -z est
How do I read what's in the snort-timestamp.log?
Why is it now logging any alerts or portscans?
Thanks for any help and take three drinks if
you're so inclined.
Cheers,
Scott
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
