Hello Friends !
i was facing this problem with 7.900 also but wait for new version to come and some other things
i have configure logging>>setting>>Remote Logfile Archives on ubuntu server 9.10 previosly i did configure same thing on suse sles 10 but now i am using ubuntu server
using ftp server for remote log archives
2010:04:09-12:26:30 acenn snort[8234]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="RPC portmap proxy attempt UDP" group="440" srcip="192.168.3.125" dstip="192.168.2.255" proto="17" srcport="55344" dstport="111" sid="1923" class="Decode of an RPC Query" priority="2" generator="1" msgid="0"
my ubuntu server is 192.168.3.125 in/on DMZ but dont know how desip is 192.168.2.225
my asg server is 192.168.2.100
ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:9A:46:66
inet addr:192.168.2.100 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:98131 errors:0 dropped:0 overruns:0 frame:0
TX packets:93642 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:48514766 (46.2 Mb) TX bytes:88172071 (84.0 Mb)
i am using esxi 4 with update1
thanks
