Menu
▾
▴
Re: [Snort-inline-users] configuring reporting/logfile questions
|
From: Will M. <wil...@gm...> - 2006-01-13 00:30:26
|
Hmmmmm are you running bridge or nat mode? If you start with -v do you see traffic passing? If you are in NAT mode are you allowing stream4 to see both sides of the conversation i.e. queueing in both INPUT and OUTPUT? Regards, Will On 1/12/06, Michael W Cocke <co...@ca...> wrote: > I've managed to make snort_inline 2.4.3-RC3 work - I think. The ascii > log files are empty (yes, I started with -K ascii), and I don't know > if/how I can log to base or squil (I think that's how it's spelled). > Ideally I'd like to do both, but I'll settle for either. > > I'm pretty sure something should be in the logs at this point because > when I accidentally made snort work I had a dozen incidents in an > hour. I'm fairly certain that it's working because I've configured my > firewall to dump to ip_queue and I can still connect, but I'd be > happier with confirmation. 8-)> > > Thanks for any assistance. > > Mike- > -- > If you're not confused, you're not trying hard enough. > -- > Please note - Due to the intense volume of spam, we have installed > site-wide spam filters at catherders.com. If email from you bounces, > try non-HTML, non-encoded, non-attachments, > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log fi= les > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=3D7637&alloc_id=3D16865&op=3Dclick > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
