Snort mailing list archives
Re: Rules not hit on 2.9.1.1 sensor
From: Peter Bates <peter.bates () ucl ac uk>
Date: Thu, 20 Oct 2011 17:20:55 +0100
Hello all...

On 20/10/2011 16:33, Martin Holste wrote:
The same happens on 2.9.1.1 when using a pcap readfile?

I've tried with the following:

    snort -c /etc/snort/pcap.conf -r tcpdump.log -A console -q

'pcap.conf' is similar to my snort.conf but with afpacket DAQ commented out and only including one ruleset.

However this doesn't work on my 2.8.6 box either with a tcpdump.log generated from the actual alert so I'm obviously using the -r option incorrectly!

--
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT