LinuxQuestions.org
02-10-2005, 07:35 AM   #1
soren625
Member
 
Registered: May 2004
Distribution: Fedora Core
Posts: 64

Rep: Reputation: 15
Snort does not log alerts


Hi, I have been using (or trying to use) snort for the last couple weeks. However, I seem to be having issues getting Snort to log alerts.

I downloaded the latest rules definitions from snort.org and placed them in /etc/snort.

I invoked snort like this:

snort -Dde

(the HOME_NET and EXTERNAL_NET, etc. variables are all correctly set in the conf file as far as I can tell, and the snort.conf file is in the default location.)

I know snort is running as a daemon because I can see it in the process list output by ps -A. I also get logs for each host that connects (I get folders named by IP address with logs by port in each folder). But my alerts file stays empty.

I know that the rules should be catching some alerts, because I can see that I am getting NIMDA and CODE RED attack info from my httpd logs.

I am using the latest stable Snort on Fedora Core 3.

Thanks for your help.
 
  

