Snort mailing list archives
Re: darpa dataset problem(zero alert)
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 25 Aug 2014 22:17:05 -0400
On 8/13/2014 4:03 PM, mehdi maleki wrote:
The default configuration of the rules doesn't generate alerts, so I changed some things in snort.conf (enabled some alerts). Nearly 23000 alerts were generated, but there isn't any gid=1. General alerts weren't generated in my output alert file, while in your output there are many gid=1 alerts. Which section is responsible for gid=1 alerts?
If there are no GID:1 alerts, that would seem to indicate that you have no text-based rules being loaded and in effect... They are generally loaded at the bottom of the snort.conf file with include statements...

--
NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.
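One way to check the point made in the reply above, as an added example (not code from the thread or from the Snort project): it lists which `.rules` include lines in a snort.conf are active versus commented out, and tallies alerts per generator ID from fast-format alert lines. The sample config, the alert lines, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# "include <path>.rules" lines, optionally commented out with a leading '#'.
INCLUDE_RE = re.compile(r"^[ \t]*(#?)[ \t]*include[ \t]+(\S+\.rules)[ \t]*$", re.M)
# The [gid:sid:rev] triple that follows the first [**] in a fast-format alert line.
ALERT_RE = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]")

# Constructed sample: every text-rule include is commented out.
SAMPLE_CONF = """\
var RULE_PATH ../rules
preprocessor stream5_global: track_tcp yes
include classification.config
# include $RULE_PATH/local.rules
# include $RULE_PATH/icmp.rules
"""

# Constructed sample alerts: only non-1 generator IDs appear.
SAMPLE_ALERTS = """\
08/13-16:03:01.000001  [**] [129:12:1] constructed preprocessor alert [**] [Priority: 3] {TCP} 10.0.0.1:1025 -> 10.0.0.2:80
08/13-16:03:02.000001  [**] [119:19:1] constructed preprocessor alert [**] [Priority: 3] {TCP} 10.0.0.1:1026 -> 10.0.0.2:80
"""

def rule_includes(conf_text):
    """Return (active, commented_out) lists of .rules include paths."""
    active, disabled = [], []
    for hash_mark, path in INCLUDE_RE.findall(conf_text):
        (disabled if hash_mark else active).append(path)
    return active, disabled

def alerts_by_gid(alert_text):
    """Count alerts per generator ID (GID 1 = text-based rules)."""
    return Counter(int(m.group(1)) for m in ALERT_RE.finditer(alert_text))

def diagnose(conf_text, alert_text):
    """Relate the presence of GID 1 alerts to the active rule includes."""
    active, disabled = rule_includes(conf_text)
    gid1 = alerts_by_gid(alert_text).get(1, 0)
    if gid1 == 0 and not active:
        return "no GID 1 alerts: no .rules include is active (%d commented out)" % len(disabled)
    if gid1 == 0:
        return "no GID 1 alerts although %d .rules include(s) are active" % len(active)
    return "%d GID 1 alert(s) from %d active .rules include(s)" % (gid1, len(active))

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_ALERTS))
```
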