Snort does not log alerts
Hi, I have been using (or trying to use) snort for the last couple weeks. However, I seem to be having issues getting Snort to log alerts.
I downloaded the latest rules definitions from snort.org and placed them in /etc/snort.
I invoked snort like this:
snort -Dde
(the HOME_NET and EXTERNAL_NET, etc. variables are all correctly set in the conf file as far as I can tell, and the snort.conf file is in the default location.)
I know snort is running as a daemon because I can see it in the process list output by ps -A. I also get logs for each host that connects (I get folders named by IP address with logs by port in each folder). But my alerts file stays empty.
I know that the rules should be catching some alerts, because I can see that I am getting NIMDA and CODE RED attack info from my httpd logs.
I am using the latest stable Snort on Fedora Core 3.
Thanks for your help.