snort, where to listen?
Hi all,
I just installed Snort IDS on my firewall Debian box which is so configured:
eth0 10.0.0.1 (serves internal LAN)
eth1 192.168.100.1 (directly connected to an ADSL modem auto-connecting to the
provider with IP 192.168.100.2)
I run snort on eth1 NOT in promiscuos mode and I send periodic email reports to me.
The problem is that I receive messages from the kernel (firewall) indicating some
"action" blocked from the internet, but snort never shows up anything in its reports.
Could someone tell me if I misconfigured the system and, please, a possible right
configuration ?
Thans in advance
Alex
Reply to: