Snort mailing list archives

snort not catching any packets


From: Robert W <rwawrig () yahoo com>
Date: Fri, 26 Apr 2013 01:31:58 -0700 (PDT)

Hi,

I'm new to Snort, so I'm probably missing something obvious.
I'm running snort with output unified2 and barnyard2 which is saving to mysql, and snorby as front-end.
Snort is not catching anything with only the rules enabled (snort.conf -> Step #7: Customize your rule set). The "merged.log" unified2 file stays at 0 bytes.
If I enable the decoder and preprocessor event rules (Step #8), it starts catching events, but they come up as "Snort Alert [xxx:y:z]". The alerts are not mapped to names.

Also, barnyard2 is giving this message:
[Event: 1] with [gid: 120] [sid: 3] [rev: 1] [classification: 2] [priority: 3] was not found in barnyard2 signature cache, this could lead to display inconsistency. To prevent this warning, make sure that your sid-msg.map and gen-msg.map file are up to date with the snort process logging to the spool file.

I've checked all the conf files and the variables again and again; all point to the correct sid-msg.map and gen-msg.map.


Any idea what may be wrong?

Thanks
Robert
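The warning quoted in the post names event 120:3:1. Generator 120 is the http_inspect preprocessor, so barnyard2 looks that event up in gen-msg.map, not in sid-msg.map; a map that is present at the configured path but was taken from a different rule tarball or Snort version than the running sensor still fails the lookup. The script below is an added example, not code from the original post and not barnyard2's own code: it parses both map files in the layouts Snort ships (gen-msg.map as "gid || sid || msg"; sid-msg.map either as the older "sid || msg || refs" form or the "#v2" form "gid || sid || rev || classification || priority || msg || refs") and reports which gid:sid pairs from a list of events would come out unnamed. Assumptions: the map excerpts and the event tuples are constructed for the example, the message text for 120:3 is illustrative, and routing gid 1 and 3 through sid-msg.map and every other generator through gen-msg.map is this example's reading of how barnyard2 resolves names, not a quote of its source.

```python
"""Check which gid:sid pairs would be unnamed given a sid-msg.map and gen-msg.map.

Added example; not from the original post and not barnyard2 code. The map file
layouts follow the files shipped in Snort rule tarballs; the excerpts below are
constructed for this example.
"""
from typing import Dict, List, Optional, Tuple

Key = Tuple[int, int]  # (gid, sid)

# Constructed excerpt of gen-msg.map (decoder/preprocessor events): gid || sid || msg
GEN_MSG_MAP = """\
# gen-msg.map: gid || sid || msg
1 || 1 || snort general alert
116 || 1 || (snort_decoder) WARNING: Not IPv4 datagram
120 || 2 || (http_inspect) INVALID STATUS CODE IN HTTP RESPONSE
120 || 3 || (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
"""

# Constructed excerpt of the older sid-msg.map layout: sid || msg || ref || ref ...
SID_MSG_MAP_V1 = """\
2000000 || LOCAL test rule || url,example.test/rule
1000001 || LOCAL ICMP ping detected
"""

# Constructed excerpt of the "#v2" sid-msg.map layout:
# gid || sid || rev || classification || priority || msg || ref || ref ...
SID_MSG_MAP_V2 = """\
#v2
1 || 2000000 || 2 || attempted-recon || 2 || LOCAL test rule || url,example.test/rule
3 || 3000001 || 1 || trojan-activity || 1 || LOCAL shared-object rule
"""


def _fields(line: str) -> List[str]:
    """Split a map line on '||' and strip whitespace around every field."""
    return [f.strip() for f in line.split("||")]


def parse_gen_msg_map(text: str) -> Dict[Key, str]:
    """gen-msg.map: one 'gid || sid || msg' entry per line, '#' starts a comment."""
    out: Dict[Key, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = _fields(line)
        if len(f) < 3:
            continue  # malformed line: skipped here (assumption about barnyard2 behaviour)
        out[(int(f[0]), int(f[1]))] = f[2]
    return out


def parse_sid_msg_map(text: str) -> Dict[Key, str]:
    """sid-msg.map in either layout.

    Older layout: 'sid || msg || refs'. There is no gid, so the entry is
    registered for both text rules (gid 1) and shared-object rules (gid 3).
    v2 layout: first line '#v2', entries 'gid || sid || rev || class || prio || msg || refs'.
    """
    lines = text.splitlines()
    is_v2 = bool(lines) and lines[0].strip().lower() == "#v2"
    out: Dict[Key, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):  # also skips the '#v2' marker itself
            continue
        f = _fields(line)
        if is_v2:
            if len(f) < 6:
                continue
            out[(int(f[0]), int(f[1]))] = f[5]
        else:
            if len(f) < 2:
                continue
            sid = int(f[0])
            out[(1, sid)] = f[1]
            out[(3, sid)] = f[1]
    return out


def resolve(gid: int, sid: int, sid_map: Dict[Key, str], gen_map: Dict[Key, str]) -> Optional[str]:
    """Name an event the way this example assumes barnyard2 does: rule generators
    (gid 1 text rules, gid 3 shared-object rules) come from sid-msg.map, every
    other generator (decoder, preprocessors) from gen-msg.map. None means the
    event would be shown as a bare 'Snort Alert [gid:sid:rev]'."""
    if gid in (1, 3):
        return sid_map.get((gid, sid))
    return gen_map.get((gid, sid))


def unresolved(events: List[Tuple[int, int, int]], sid_map: Dict[Key, str],
               gen_map: Dict[Key, str]) -> List[Tuple[int, int, int]]:
    """Return the (gid, sid, rev) tuples that the loaded maps cannot name; rev is
    carried through for reporting only and does not take part in the lookup."""
    return [(g, s, r) for g, s, r in events if resolve(g, s, sid_map, gen_map) is None]


if __name__ == "__main__":
    gen_map = parse_gen_msg_map(GEN_MSG_MAP)
    sid_map = parse_sid_msg_map(SID_MSG_MAP_V2)
    # Constructed events in the shape barnyard2 prints them: [gid: 120] [sid: 3] [rev: 1]
    events = [(120, 3, 1), (120, 99, 1), (1, 2000000, 2), (3, 3000001, 1)]
    for g, s, r in events:
        msg = resolve(g, s, sid_map, gen_map)
        print(f"[{g}:{s}:{r}] -> {msg if msg else 'UNMAPPED (would print as Snort Alert)'}")
```

To run it against a real sensor, read the two files barnyard2.conf points at (`config sid_file:` and `config gen_file:`) into `parse_sid_msg_map` and `parse_gen_msg_map`, and feed `unresolved` the gid/sid/rev triples from the warnings in barnyard2's log; any pair that comes back unnamed is in the spool but not in the maps, which means the maps were generated from a different rule set or Snort build than the one writing merged.log.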
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users