Snort mailing list archives

Re: 0 byte unifed log output


From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 25 Apr 2013 08:12:00 -0600

On 2013-04-25 05:37, John Ainsworth wrote:
Hi

I'm sure it is something to do with rules. I turned on fastalert and
tailed the fastalert file overnight and did finally get some data, but
the only alert raised was the one below, repeated lots of times:

04/25-09:22:35.816992 [**] [1:24814:2] SNMP Samsung printer default community string [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {UDP}

I can't believe that is the only attack we would see; we are e-commerce
and the app logs are full of people probing to see what they can/can't get
into. I have downloaded the latest rule set and updated as directed
but can only detect an SNMP probe.

Thanks

John


John,

Can you post, say, the first 40 lines of your snort.conf? I'd like to
see the variables you have defined. Thanks.

James
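
The reason the variables at the top of snort.conf matter here is that most
server-side rules are written against $EXTERNAL_NET and $HOME_NET, so a
host that is not covered by HOME_NET can never trigger them. The script
below is an added example for this thread, not Snort project code and not
anything John or James posted: it parses the ipvar lines from two
constructed snort.conf excerpts (a weak one where HOME_NET only covers the
office LAN, and a corrected one that also includes the server range), then
checks a constructed list of server addresses against the resolved sets.
The matcher handles the common ipvar forms (any, CIDR, $NAME, !expr,
[a,b,...]) and is a simplification of Snort's full IP-list grammar; the
assumed rule header shape is "$EXTERNAL_NET any -> $HOME_NET <port>".

```python
"""Audit snort.conf network variables against the hosts rules should protect.

Added example, not code from the Snort project or from anyone on this thread.
Both snort.conf excerpts, the server list and all addresses are constructed.
"""
import ipaddress
import re

# Constructed excerpt: HOME_NET covers only the office LAN, while the
# e-commerce web servers live in a separate public range.
CONF_WEAK = """\
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80,443,8080]
"""

# Constructed excerpt with the server range added to HOME_NET.
CONF_FIXED = """\
ipvar HOME_NET [192.168.1.0/24,203.0.113.0/24]
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80,443,8080]
"""

# Constructed host list: the servers the rules are expected to cover.
SERVERS = ["203.0.113.10", "203.0.113.11"]

IPVAR_RE = re.compile(r"^\s*ipvar\s+(\w+)\s+(.+?)\s*$")


def parse_ipvars(conf_text):
    """Return {NAME: raw expression} for every ipvar line in the text."""
    found = {}
    for line in conf_text.splitlines():
        m = IPVAR_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def split_list(body):
    """Split 'a,[b,c],d' at top-level commas only (nested lists stay whole)."""
    items, depth, cur = [], 0, ""
    for ch in body:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            items.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        items.append(cur.strip())
    return items


def _match(expr, ip, ipvars):
    """Recursive matcher for a simplified ipvar expression."""
    expr = expr.strip()
    if expr == "any":
        return True
    if expr.startswith("!"):
        return not _match(expr[1:], ip, ipvars)
    if expr.startswith("$"):
        return _match(ipvars[expr[1:]], ip, ipvars)
    if expr.startswith("[") and expr.endswith("]"):
        items = split_list(expr[1:-1])
        positive = [i for i in items if not i.startswith("!")]
        negated = [i[1:] for i in items if i.startswith("!")]
        # A list matches when some positive member matches (or the list has
        # only negated members) and no negated member matches.
        hit = any(_match(p, ip, ipvars) for p in positive) if positive else True
        return hit and not any(_match(n, ip, ipvars) for n in negated)
    return ip in ipaddress.ip_network(expr, strict=False)


def host_in(expr, host, ipvars):
    """Does address `host` fall inside ipvar expression `expr`?"""
    return _match(expr, ipaddress.ip_address(host), ipvars)


def audit(conf_text, servers):
    """Report servers that sit outside HOME_NET or inside EXTERNAL_NET.

    Assumed rule header shape: '$EXTERNAL_NET any -> $HOME_NET <port>'.
    A server outside HOME_NET can never match the destination side of
    such a rule, so those rules are silently dead for traffic to it.
    """
    ipvars = parse_ipvars(conf_text)
    findings = []
    for host in servers:
        if not host_in("$HOME_NET", host, ipvars):
            findings.append(f"{host} is not in HOME_NET={ipvars['HOME_NET']}")
        elif host_in("$EXTERNAL_NET", host, ipvars):
            findings.append(f"{host} is also in EXTERNAL_NET={ipvars['EXTERNAL_NET']}")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", CONF_WEAK), ("fixed", CONF_FIXED)):
        print(label, audit(conf, SERVERS) or "OK")
```

Run it against the real first 40 lines of a snort.conf by swapping the
constructed excerpt for the file contents and SERVERS for the addresses
that actually receive the traffic; any finding it prints is a host for
which $HOME_NET-destination rules cannot fire regardless of the rule set.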
