Snort mailing list archives

Very Limited Logging


From: Brian Swan <steelysama () gmail com>
Date: Wed, 26 Sep 2012 13:55:42 -0500

Hi all,
   I am having a strange problem with Snort. I recently installed it along
with Barnyard2 on a CentOS 6.3 64-bit machine. They both seemingly run
fine, but it looks like Snort is not committing very much at all to the log
files. All of the log files (I am using the unified2 type) are very small,
some of them empty, and Barnyard is registering only a single signature
repeatedly and at sparse intervals:

09/26-07:34:15.475267  [**] [1:23493:1] BOTNET-CNC Trojan.ZeroAccess outbound communication  [**] [Classification: A Network Trojan was Detected] [Priority: 1] {UDP} 77.8.197.82:57155 -> ***edited out***

The target IP is not from my machine; it is just on the same subnet.

I have tried adjusting all kinds of settings and nothing seems to make a
difference. The logging remains extremely sparse and seems confined to only
this one signature.

Snort v. 2.9.3.1
Barnyard2 v. 2.1.9

I will post output that might help.

Thank you,
   Steely