Snort mailing list archives
snort is logging alerts but not capturing corresponding packets for some rules
From: "Kumar, Mahendra" <mkumar () intacct com>
Date: Mon, 25 Apr 2011 21:50:11 +0000
Hi,

I am using snort-2.9.0.5 with daq-0.5-9 and libpcap1-1.1.1-9 on CentOS 5.5 (x86_64). I am not using anything else like unified2, BASE, barnyard, MySQL, etc. My snort is working properly and I am getting alerts and packet captures in snort.log in tcpdump format. But for some rules (e.g. SHELLCODE sid:1394) I get the alert logged but there is no packet capture in snort.log, and it is very consistent behavior, i.e. I will never get packet captures for some of the rules but will always get the alert, so it is not a packet drop problem. It seems to be a config issue where the alert is logged but no packets are captured. Please help me resolve this issue.

Thanks,
MK
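A way to pin down which rules are affected before touching the config is to cross-check the alert file against snort.log and list the sids that fire but never have a matching packet written. The script below is an added example for this thread, not code from the original post or from the Snort project. It assumes the alerts are in Snort's "alert fast" text format and that snort.log is a libpcap (tcpdump-format) file with Ethernet link type; it matches each alert to packets by protocol and the IP/port pair on the alert line. The alert lines and the pcap bytes it uses are constructed sample data, including the rule message text.

```python
import re
import socket
import struct
from collections import Counter

# One "alert fast" line. The [Classification: ...] bracket is optional
# and ICMP alerts carry no ports, so both are handled.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>[A-Z]+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
PROTO_NUM = {"TCP": 6, "UDP": 17, "ICMP": 1}


def parse_alerts(text):
    """Yield (sid, msg, flow_key) per alert; flow_key = (proto, src, sport, dst, dport)."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        key = (PROTO_NUM.get(d["proto"]), d["src"], int(d["sport"] or 0),
               d["dst"], int(d["dport"] or 0))
        yield int(d["sid"]), d["msg"], key


def parse_pcap_flows(data):
    """Count flow keys for every IPv4 packet in a libpcap file (Ethernet link type only)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic in (0xA1B2C3D4, 0xA1B23C4D):
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype, = struct.unpack_from(end + "I", data, 20)
    if linktype != 1:
        raise ValueError("only DLT_EN10MB (Ethernet) is handled here")
    flows = Counter()
    off = 24
    while off + 16 <= len(data):
        incl_len, = struct.unpack_from(end + "I", data, off + 8)
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # not IPv4 over Ethernet
            continue
        ihl = (pkt[14] & 0x0F) * 4
        proto = pkt[23]                       # IP header offset 9
        src = socket.inet_ntoa(pkt[26:30])    # IP header offset 12
        dst = socket.inet_ntoa(pkt[30:34])    # IP header offset 16
        l4 = 14 + ihl
        sport = dport = 0
        if proto in (6, 17) and len(pkt) >= l4 + 4:
            sport, dport = struct.unpack_from("!HH", pkt, l4)
        flows[(proto, src, sport, dst, dport)] += 1
    return flows


def find_uncaptured(alert_text, pcap_bytes):
    """Map sid -> (alerts seen, alerts that have a matching packet in snort.log)."""
    flows = parse_pcap_flows(pcap_bytes)
    stats = {}
    for sid, _msg, key in parse_alerts(alert_text):
        total, matched = stats.get(sid, (0, 0))
        stats[sid] = (total + 1, matched + (1 if key in flows else 0))
    return stats


def report(alert_text, pcap_bytes):
    """Sorted sids that alerted but never had a packet written to snort.log."""
    return sorted(sid for sid, (n, m) in find_uncaptured(alert_text, pcap_bytes).items()
                  if n and m == 0)


# --- constructed sample data (not real traffic) ---------------------------

def tcp_frame(src, dst, sport, dport):
    """Minimal Ethernet/IPv4/TCP frame with an empty payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def pcap_file(frames):
    """Wrap frames in a little-endian libpcap container, linktype 1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1303768211 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_ALERTS = """\
04/25-21:50:11.000001  [**] [1:1394:1] SHELLCODE sample (constructed msg) [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 192.0.2.10:40001 -> 198.51.100.5:80
04/25-21:50:12.000002  [**] [1:1000001:1] LOCAL sample (constructed msg) [**] [Priority: 3] {TCP} 192.0.2.11:40002 -> 198.51.100.5:22
"""
# snort.log holding only the packet for the second alert.
SAMPLE_LOG = pcap_file([tcp_frame("192.0.2.11", "198.51.100.5", 40002, 22)])

if __name__ == "__main__":
    for sid, (n, m) in sorted(find_uncaptured(SAMPLE_ALERTS, SAMPLE_LOG).items()):
        print(f"sid {sid}: {n} alert(s), {m} with a captured packet")
    print("uncaptured sids:", report(SAMPLE_ALERTS, SAMPLE_LOG))
```

On a real box, replace the two sample constants with `open("/var/log/snort/alert").read()` and `open("/var/log/snort/snort.log.<timestamp>", "rb").read()`. A sid that shows up with zero matches every time, while other sids match consistently, confirms the per-rule pattern the post describes rather than drops; note that a rule firing on a stream-reassembled pseudo-packet can also fail to match on the 5-tuple, so check those sids by hand before concluding nothing was logged.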