Snort Forums Archive
not getting snort alert messages
Posted by rakeshm on March 29, 2005 23:25:41
I am using Snort for the first time. I have installed & configured it properly, but I am not getting alert log messages in the specified path. The command I am issuing is as below.
snort -dev -l /var/log/snort/nidslog -h 203.197.0.0/24 -c /usr/local/snort/etc/snort.conf
I am not getting any log messages at all.
Please help me in this regard.
Posted by jvhaysx on March 30, 2005 05:32:40
Here are some ideas that may be of use to you:
1. Add -T to snort command line to verify switches and configs
2. Check permissions on the log file and log directories
3. Even though you specify the log directory you still need to configure /etc/syslog.conf and restart syslogd.
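
The first two checks suggested above, as an added shell example that is not part of the original thread: it verifies the `-l` directory and the config file, lists the active `output` lines in snort.conf, and runs `snort -T` when the binary is present. The function names are hypothetical; the two paths are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# pass the -l directory and the -c config file as the two arguments.

# check_log_dir DIR -> 0 ok, 1 missing, 2 not a directory, 3 not writable
check_log_dir() {
    [ -e "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    { [ -w "$1" ] && [ -x "$1" ]; } || { echo "not writable: $1" >&2; return 3; }
    return 0
}

# conf_outputs FILE -> prints the uncommented "output" lines of snort.conf,
# i.e. where alerts are actually configured to go (alert file, syslog, ...).
conf_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]' "$1"
}

# preflight LOGDIR CONF -> non-zero on the first failed check
preflight() {
    check_log_dir "$1" || return 1
    [ -r "$2" ] || { echo "cannot read config: $2" >&2; return 2; }
    conf_outputs "$2" || echo "no active output lines in $2" >&2
    if command -v snort >/dev/null 2>&1; then
        # -T: test the configuration and exit without sniffing
        snort -T -l "$1" -c "$2" || return 3
    else
        echo "snort not in PATH, skipped -T self-test" >&2
    fi
    return 0
}

# Run only when both paths are given on the command line
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it as the account Snort runs under, for example with `/var/log/snort/nidslog` and `/usr/local/snort/etc/snort.conf` as arguments, because root passes the writability test regardless of the directory's mode bits.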
Posted by Amit_sharma on August 20, 2006 06:30:29
Rakesh, where exactly have you placed your Snort?
Is it strategically placed in your network?
Is this your gateway? Or any proxy?
Have you plugged your box into some spawn port at your switch?
Or into some hub?
Any or all of them could be a possible reason for you not getting many of the alerts.
I am assuming that the rest of your installation was error free & you have all of those rules at the proper locations.
Regards..