Snort mailing list archives

Missing Packet Logs


From: marco <marco_r () mail pt>
Date: Mon, 27 Aug 2001 13:52:28 +0100

I'm experiencing a strange problem with snort. It looks as if the packet
logs are not generated for all alerts. I'm noticing this with a few
signatures, in particular WEB-MISC apache DOS attempt, sid:1156, and SMTP
RCPT TO overflow, sid:654. There was also one case where the signature
WEB-IIS cmd.exe access, sid:1002, produced normal packet logs except for one
IP. In these cases there are no packet logs and not even the directory for
the source IP.
Any thoughts or ideas?

I'm running snort 1.8.1 on Solaris with the following command line:
/usr/local/bin/snort -A fast -c /usr/local/snort/snort.conf -l /log/snort -d -e -i qfe1

thanks,
marco