Snort not working?
-
I have snort installed and with almost all of the rules turned on except for chat and p2p. It shows as running in the gui, and I see the process in top. But I'm not getting any alerts or blocks. I find this hard to believe, as when I was previously running snort, I was getting at least a couple hits a day.
Is there something in the setup I need to change or check? How can I tell it's working correctly?
-
What interface is it running on?
-
-
Can you give a bit of info about your network setup? (asci/paint diagram would be nice)
-
Not to be difficult, but what does that have to do with snort picking up things from the internet?
-
If you have something before the pfsense, sometimes the modems associated with dsl/cable have firewalls naturally enabled on them.
-
If you have something before the pfsense, sometimes the modems associated with dsl/cable have firewalls naturally enabled on them.
Just the same Moto 6120 I've been running previously.
-
I have the same issue… I may just build the damn thing by hand... it seems that it doesn't pick up EXTERNAL and INTERNAL net...
-
-
So, I went to GRC and did a port scan on my ip. Still nothing from Snort. I'm beginning to wonder if it's even running.
What can I look at in order to tell if things are working correctly?
-
when snort starts up, it fills the whole systemlog with messages. The last ones should be like this:
snort[62829]: Snort initialization completed successfully (pid=62829) Mar 25 00:02:18 snort[62829]: Snort initialization completed successfully (pid=62829) Mar 25 00:02:18 snort[62829]: --== Initialization Complete ==-- Mar 25 00:02:18 snort[62829]: --== Initialization Complete ==-- -
Yeah, it turned out I had to turn on the preprocessors.
BTW, it lists an option for collecting performance statistics, but I couldn't find where they're collected. Any ideas?