Re: Nothing logged in Daemon mode

[Alberto Gonzalez <albertg () cerebro violating us>]

plex () attbi com wrote:

> Ok so i got snort to run.  I Have two boxes that im am playing with one run 
> suse linux iptables and snort.  It logges all kinds of things even witha 
> restrictive script.  Now Just as a test i set the rules on my openbsd box to 
> allow all(ahhhhh!) well just to test it.  I then ran nmap and acid to probe it 
> thinking that all kinds of alerts would come up, but non did.   However when i 
> run snort with out the -D switch it loggs ARP packets from my dns server, i 
> know i should fix this:)  

Make sure that it is running. when you specify -D. If there is an error, 
it wont output to stdout. So after
you execute it, check your ps output to verify it is running. What 
machine are you running those nmap
scans from? Outside the local LAN?

> But why is nsort not logging even with out packet 
> filtering turned on.  It on an ATTBI connection so i guess i need not say more 
> about how many portscans i get.

That doesn't mean nothing, im on comcast and I don't see as much traffic 
as I would *like* to. Portscans
aren't interesting as they used to be back in the days (like im that 
old) same ol nmap bs...

>  What could be going on? oya i tried to make a 
> rule that would balze the alarms for any tcp connect acording to the 
> faq...nothing. Im stuck.
>  

Cheers!

   - Alberto

--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users