Snort mailing list archives
Re: Snort only partially alerting.
From: Frank Calone <fc10011001 () gmail com>
Date: Fri, 14 Jun 2013 15:50:23 -0400
I added the following option to the command line: -k none Here is the full command line I'm using: /usr/sbin/snort -A fast -b -d -D -k none -i em3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort -G 3 I was hopeful this would fix the alerting, however, it did not. I had two alerts today that the new Snort server did not flag. Any other suggestions on what to check out next is much appreciated. Frank On Wed, Jun 12, 2013 at 9:16 PM, Joel Esler <jesler () sourcefire com> wrote:
On Jun 12, 2013, at 11:33 AM, Frank Calone <fc10011001 () gmail com> wrote: Snort on the appliance alerted but Snort on the server did not. Dear Frank, Thanks for your email. I believe you will find what you are looking for here: https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md -- *Joel Esler* Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort only partially alerting. Frank Calone (Jun 12)
- Re: Snort only partially alerting. Joel Esler (Jun 12)
- Re: Snort only partially alerting. Frank Calone (Jun 14)
- Re: Snort only partially alerting. beenph (Jun 14)
- Re: Snort only partially alerting. Frank Calone (Jun 14)
- Re: Snort only partially alerting. Joel Esler (Jun 12)