From: Keith A. Pachulski, PPS (netsecptd.net)
Date: Fri Jun 08 2001 - 13:26:59 CDT


    have set this up before but this is the first time on redhat I've had an
    issue with snort not logging alerts whatsoever..

    config file

    output alert_syslog: LOG_LOCAL3 LOG_INFO
    var HOME_NET x.x.x.x.0/28
    var DNS_SERVER x.x.x.x/32
    preprocessor http_decode: 80
    preprocessor minfrag: 128
    preprocessor portscan: $HOME_NET 25 5 /var/log/portscan.log
    preprocessor portscan-ignorehosts: $DNS_SERVER

    include /home/snort/nids/webcgi-lib
    include /home/snort/nids/webcf-lib
    include /home/snort/nids/webiis-lib
    include /home/snort/nids/webfp-lib
    include /home/snort/nids/webmisc-lib
    include /home/snort/nids/overflow-lib
    include /home/snort/nids/finger-lib
    include /home/snort/nids/ftp-lib
    include /home/snort/nids/smtp-lib
    include /home/snort/nids/telnet-lib
    include /home/snort/nids/misc-lib
    include /home/snort/nids/netbios-lib
    include /home/snort/nids/misc-lib
    include /home/snort/nids/scan-lib
    include /home/snort/nids/ddos-lib
    include /home/snort/nids/backdoor-lib
    include /home/snort/nids/ping-lib
    include /home/snort/nids/rpc-lib
    include /home/snort/nids/email-virus-lib

    syslog conf file

    #Keith =)
    local3.info /var/log/systemsec

    when I run snort in verbose I see all traffic on the physical and virtual
    interface but once I apply the rules snort goes blind..

    syslog is working as I tested it, so it comes down to snort not working right

    was a basic config with no special options

    ./configure
    make

    ssl and sql is running, wasn't sure how to disable ssl or sql from the snort configure

