Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort not logging

From: "steve nutt" <luckysnutt () cox net>
Date: Sat, 8 Jun 2002 21:01:48 +0100
Hello:

I have just setup a dedicated snort box with two network cards sitting
behind a cable modem. The snort box has a 0.0.0.0 address and is not logging
anything in /var/log/alert, and I am running snort with /usr/local/
aris-sensor/snort -A fast -b -q -l /var/log/snort -d -D -c
/usr/local/aris-sensor/snort.conf . I have a hub behind the cable modem and
two boxes plugged into this hub. One a firewall box and the other the snort
box. The second network card of the snort box is connect to the firewall dmz
card. Both boxes have snort running.

like this:

Internet------(cable modem)----(Internet-
Hub)-------------------(Firewall)-------(Hub)---------------------Trusted
Network
                                                        |
|
                                                        |
(DMZ)
                                                        |
|




                                                    |--- --(Snort)---------|

I am tailing alert and messages files on both boxes. When I port scan from
the internet side I get alerts on the firewall box but no alerts on the
snort box. Any ideas for no alerts being logged to the snort box????

Sincerely:
Steve



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: