Snort mailing list archives

No Events/Alerts Arriving in Snorby


From: "Matt M." <mr10001 () gmail com>
Date: Fri, 12 Sep 2014 14:47:46 -0500

Afternoon,

I appear to have Snort, Barnyard, and Snorby running, but in attempting to
test that alerts are arriving in Snorby, I'm not getting anything.

First, do I need to start Snort, Barnyard, and Snorby, and if I need to
start more than Snorby, should I do it in that order?

Second, I've added the following rule to my snort.conf:
alert ip any any -> any any (msg: "ICMP packet detected!"; sid: 1;)

Then I turned off my firewall and started a ping, but nothing happens in
Snorby.

Thanks for any help on this one,

-- 
M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.” -John Wheeler