Snort mailing list archives
Re: darpa dataset problem(zero alert)
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 25 Aug 2014 13:00:57 +0000
You didn't have any rules fire. But you have your rules uncommented, which means either you didn't download the ruleset, or, if you did download the ruleset, you are running said rules, or the rule files are blank for some reason. In any case, you have a misconfiguration in your snort.conf that is not allowing you to run the rules.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Aug 20, 2014, at 4:36 PM, mehdi maleki <mehdimlk2003 () yahoo com> wrote:

On Wednesday, August 20, 2014 2:34 AM, mehdi maleki <mehdimlk2003 () yahoo com> wrote:

Hi Esler & Waldo,

My question was not answered! When the rule set (registered snortrules-snapshot-2962) and the input pcap file (DARPA dataset) are the same as yours, why is the output alert file so different? Your output alert file has many gid: 1 alerts, but there isn't any gid: 1 alert in my output alert file. What is my problem? What changes do I need to make in the snort.conf file to get the same output as you?

I attach my snort.conf file & alert file.

Thanks
m. maleki

<alert_config.zip>

------------------------------------------------------------------------------
Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
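As an added example (not code from the thread or from the Snort project), a small Python checker that performs the diagnosis Joel describes: it expands `var RULE_PATH`, follows every uncommented `include` in a snort.conf, and reports which rule files are missing or contain no active rules, which is the first thing to verify when a pcap run produces no gid:1 alerts. The snort.conf and rule files it writes to a temporary directory are constructed samples, and its `var` expansion is a simplification of Snort's own variable handling.

```python
import os
import re
import tempfile

VAR_RE = re.compile(r'^\s*var\s+(\w+)\s+(\S+)')        # e.g. var RULE_PATH ../rules
INCLUDE_RE = re.compile(r'^\s*include\s+(\S+)')       # a commented "# include" never matches
RULE_RE = re.compile(r'^\s*(alert|log|pass|drop|reject|sdrop)\s')  # uncommented rule lines


def audit_rule_includes(conf_path):
    """Map each included rule file to its active-rule count (None = file missing)."""
    base = os.path.dirname(os.path.abspath(conf_path))
    variables, report = {}, {}
    with open(conf_path) as conf:
        for line in conf:
            var = VAR_RE.match(line)
            if var:
                variables[var.group(1)] = var.group(2)
                continue
            inc = INCLUDE_RE.match(line)
            if not inc:
                continue
            path = inc.group(1)
            for name, value in variables.items():   # simplified $VAR expansion
                path = path.replace('$' + name, value)
            if not os.path.isabs(path):
                path = os.path.join(base, path)     # relative to snort.conf's directory
            if not os.path.isfile(path):
                report[path] = None                 # ruleset never downloaded / wrong path
            else:
                with open(path) as rules:
                    report[path] = sum(1 for r in rules if RULE_RE.match(r))
    return report


def audit_sample():
    """Constructed layout: one live file, one blank file, one missing, one commented out."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, 'rules'))
    files = {
        'rules/local.rules': ('alert tcp any any -> any 80 (msg:"a"; sid:1000001;)\n'
                              '# alert tcp any any -> any 22 (msg:"b"; sid:1000002;)\n'),
        'rules/empty.rules': '# placeholder only, no rules\n',
        'snort.conf': ('var RULE_PATH rules\ninclude $RULE_PATH/local.rules\n'
                       'include $RULE_PATH/empty.rules\ninclude $RULE_PATH/missing.rules\n'
                       '# include $RULE_PATH/community.rules\n'),
    }
    for rel, text in files.items():
        with open(os.path.join(base, rel), 'w') as fh:
            fh.write(text)
    report = audit_rule_includes(os.path.join(base, 'snort.conf'))
    return {os.path.basename(p): n for p, n in report.items()}
```

A real run would point `audit_rule_includes` at the installed snort.conf; any entry reported as None or 0 is a ruleset that cannot fire, regardless of what the pcap contains.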