snort, where to listen?

To: debian-security@lists.debian.org
Subject: snort, where to listen?
From: debian@raycone.net
Date: Fri, 16 May 2003 09:49:32 +0200
Message-id: <3EC4B42C.10587.659462@localhost>

Hi all,

I just installed Snort IDS on my firewall Debian box which is so configured:

eth0 10.0.0.1 (serves internal LAN)
eth1 192.168.100.1 (directly connected to an ADSL modem auto-connecting to the 
provider with IP 192.168.100.2)

I run snort on eth1 NOT in promiscuos mode and I send periodic email reports to me.

The problem is that I receive messages from the kernel (firewall) indicating some 
"action" blocked from the internet, but snort never shows up anything in its reports.

Could someone tell me if I misconfigured the system and, please, a possible right 
configuration ?

Thans in advance

Alex

Reply to:

Follow-Ups:
- Re: snort, where to listen?
  - From: tps@unslept.com

Prev by Date: Setting up VPN's
Next by Date: RE: Setting up VPN's
Previous by thread: Re: Setting up VPN's
Next by thread: Re: snort, where to listen?
Index(es):
- Date
- Thread