Snort mailing list archives
Re: UDP alerts not logging
From: Phil Wood <cpw () lanl gov>
Date: Wed, 5 Dec 2001 08:17:46 -0700
On Tue, Dec 04, 2001 at 11:43:26PM -0200, Alex Rodrigues wrote:
> Hi. My snort isn't logging UDP packets, only TCP and ICMP. I'm using
>
>     snort -dev -h xxx.xxx.xxx.xxx/24 -l /var/log/snort -c snort.conf
>
> Where is my mistake?

There is nothing on the command line that has anything to do with udp, tcp, or icmp. You need to look in two places.

1. Check the rules that are being used in snort.conf (or the files "included") for any udp rules that you expect to trigger.

2. Check your network: run

       tcpdump -i <your-network-interface> -n udp

   Maybe you don't have any udp %^). And if you do, it is not triggering any rules.

You can always add a rule like:

    alert udp any any -> any any (msg: "ANY UDP, remove this rule"; classtype:not-suspicious;)

As always, include as much information about your situation as possible. Otherwise, we start to iterate on what most likely is a simple problem.

> Thanks.
> Alex
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Phil Wood, cpw () lanl gov
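
Step 1 of the reply above (checking snort.conf and the files it includes for active udp rules) can be scripted. This is an added example, not part of the original thread or of Snort itself; the function names, the constructed sample files, and the handling of plain $NAME variables and relative include paths are assumptions.

```python
import os
import re
import tempfile
from collections import Counter

RULE_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}

def count_rules(conf_path, variables=None, counts=None):
    """Count active rules per protocol in conf_path and the files it includes."""
    variables = {} if variables is None else variables
    counts = Counter() if counts is None else counts
    base = os.path.dirname(os.path.abspath(conf_path))
    with open(conf_path) as fh:
        for line in fh:
            words = line.split()
            if not words or words[0].startswith("#"):
                continue  # blank line or commented-out rule: not active
            if words[0] == "var" and len(words) >= 3:
                variables[words[1]] = words[2]
            elif words[0] == "include" and len(words) >= 2:
                # Expand plain $NAME references only (assumption: no $(NAME) forms).
                path = re.sub(r"\$(\w+)",
                              lambda m: variables.get(m.group(1), m.group(0)), words[1])
                # Assumption: relative includes resolve against the including file.
                count_rules(os.path.join(base, path), variables, counts)
            elif words[0] in RULE_ACTIONS and len(words) >= 2:
                counts[words[1].lower()] += 1  # second field is the protocol
    return counts

def demo(extra_rule=""):
    """Build a constructed snort.conf plus rules file and count its rules."""
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "rules"))
        with open(os.path.join(tmp, "snort.conf"), "w") as fh:
            fh.write("var RULE_PATH rules\ninclude $RULE_PATH/local.rules\n"
                     + extra_rule + "\n")
        with open(os.path.join(tmp, "rules", "local.rules"), "w") as fh:
            fh.write('alert tcp any any -> any 80 (msg:"constructed tcp rule";)\n'
                     'alert icmp any any -> any any (msg:"constructed icmp rule";)\n'
                     '# alert udp any any -> any 53 (msg:"constructed, disabled";)\n')
        return count_rules(os.path.join(tmp, "snort.conf"))

if __name__ == "__main__":
    print(dict(demo()))  # the only udp rule is commented out, so none is active
    catch_all = ('alert udp any any -> any any '
                 '(msg: "ANY UDP, remove this rule"; classtype:not-suspicious;)')
    print(dict(demo(catch_all)))  # the catch-all rule from the reply adds one
```

A udp count of zero means no rule can fire on UDP traffic regardless of what tcpdump shows on the wire.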