Snort mailing list archives
Re: Snort not generating alerts
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 10 Jul 2012 14:21:08 +0100
Hello all

On 10/07/2012 14:09, Pratik Narang wrote:
>> Have you looked whether the unified2 file, 'snort.u2' in your configuration contains any alerts or data using u2spewfoo?
>
> Yes the log files do contain data (alerts?- can't see any...)

What does something like this show:

    u2spewfoo snort.u2.1341924701 |grep sig

You should see something along the lines of:

    sig id: 3000035 gen id: 1 revision: 1 classification: 33
    sig id: 2013068 gen id: 1 revision: 2 classification: 28
    sig id: 23250 gen id: 1 revision: 1 classification: 21

The actual signatures you're hitting on.

> I tried this umpteen times... even re-installing Barnyard2... Barnyard2.waldo must be empty to begin with (right?) since I am only creating the file. Then, why should it contain rubbish??

Barnyard should create the file initially - if I was testing and having problems I would

a) stop snort
b) stop barnyard2
c) delete (or move) files out of your LOGDIR
d) start snort
e) start barnyard2

You could also run barnyard2 in the foreground with -v but I seem to recall that doesn't show a great deal.

--
Peter Bates
Senior Computer Security Officer
Phone: +44(0)2076792049
Information Services Division
Internal Ext: 32049
University College London
London WC1E 6BT
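Added example, not part of the original message or of the Snort or Barnyard2 code: a small Python reader that makes the same check as `u2spewfoo ... | grep sig`, telling a unified2 file that only "contains data" apart from one that contains alert events. The record type numbers and the event field order are assumed from Snort 2.9's unified2 headers, and the sample bytes are constructed.

```python
import struct
from collections import Counter

# Record type numbers as defined in Snort 2.9's Unified2_common.h (assumed here).
U2_PACKET = 2
U2_EVENTS = {7, 72, 104, 105}  # IPv4/IPv6 events, legacy and VLAN layouts

def read_records(data):
    """Yield (type, body). Each record has a big-endian header: uint32 type, uint32 length."""
    off = 0
    while off + 8 <= len(data):
        rtype, length = struct.unpack_from(">II", data, off)
        body = data[off + 8: off + 8 + length]
        if len(body) < length:
            break  # truncated tail, e.g. Snort is still writing this record
        yield rtype, body
        off += 8 + length

def summarize(data):
    """Return (records per type, events per (gid, sid, rev, classification))."""
    types, sigs = Counter(), Counter()
    for rtype, body in read_records(data):
        types[rtype] += 1
        if rtype in U2_EVENTS and len(body) >= 32:
            # Every event layout begins: sensor, event id, sec, usec, sid, gid, rev, class
            sid, gid, rev, cls = struct.unpack_from(">4I", body, 16)
            sigs[(gid, sid, rev, cls)] += 1
    return types, sigs

def record(rtype, body):
    """Prefix a body with the 8-byte unified2 record header."""
    return struct.pack(">II", rtype, len(body)) + body

def sample_event(sid, gid, rev, cls):
    """Constructed 52-byte legacy IPv4 event (type 7) for the demo."""
    return record(7, struct.pack(">11I2H4B", 1, 1, 1341924701, 0, sid, gid, rev, cls,
                                 2, 0x0A000001, 0x0A000002, 1234, 80, 6, 0, 0, 0))

# Constructed sample: one event, one packet record, and a cut-off trailing record.
SAMPLE = (sample_event(2013068, 1, 2, 28) + record(U2_PACKET, b"\x00" * 40)
          + struct.pack(">II", 7, 52) + b"\x00" * 10)

if __name__ == "__main__":
    types, sigs = summarize(SAMPLE)  # real use: summarize(open(path, "rb").read())
    print("records by type:", dict(types))
    for (gid, sid, rev, cls), n in sigs.items():
        print(f"sig id: {sid} gen id: {gid} revision: {rev} classification: {cls} x{n}")
    if not sigs:
        print("no event records: Snort wrote no alerts into this file")
```
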