I've installed the logsend addons in my ipcop firewall and I saw that my
red interface is eth 1. When the logsheck.sh has a report about snort, it
consider the /var/run/snort_eth0.pid but I have the /var/run/
snort_eth1.pid so the logcheck.sh script ignores my /var/log/snort/
alert. Maybe I should enable the snort on the green interface (eth 0)
but I want to see what is happening on the red interface. Could you
help me? I'll apreciate it a lot!!
Log in to post a comment.