Snort mailing list archives

Snort not generating any severity


From: Khanh Tran <ktran () ktran com>
Date: Thu, 18 Sep 2014 17:05:25 -0400 (EDT)


Hello,

Successfully installed snort (v2.9.6.2), barnyard2 (v2-1.13) and snorby
(v2.6.2).

For testing purposes, I added this rule to /etc/snort/snort.conf :
alert icmp any any -> any any (msg:"ICMP Test2"; sid:10000001; rev:1;)

With that signature, I verified snort generated events to unified2 files; and
barnyard2 successfully parsed those files to write to mysql. Snorby then
successfully displays records from mysql.

I spanned external and internal firewall interfaces to snort, and verified that
snort sees tons of traffic on its eth1 interface running in promiscuous mode.
(See attached "Snorby Results.pdf")

I ran snort for 24 hours. Unfortunately it did NOT report any alerts or
severity! It continues to alert on my test ICMP rule but no other
records/alerts/events were written. I even ran a port scan against our firewall,
which was picked up by the firewall but not snort. What am I doing wrong??
(I've attached my snort.conf)

Thanks in advance for the help!

KT

Attachments: snort.conf, Snorby Results.pdf, Snort Results.txt
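A first diagnostic for the symptom described above (only the hand-added ICMP rule ever fires, and a port scan goes unnoticed) is to check what the loaded snort.conf actually enables. The following is an added example, not the poster's code or attached configuration: it parses a constructed snort.conf fragment and reports which rule files are included (after expanding $RULE_PATH), how many rules are written inline, whether any include lines are commented out, and whether the sfportscan preprocessor is configured, since Snort 2.x only alerts on port scans when that preprocessor is enabled.

```python
import re

# Constructed snort.conf fragment (not the poster's attached file). It shows
# a configuration where the inline ICMP test rule is effectively the only
# detection in force: sfportscan is commented out and local.rules is not loaded.
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
var RULE_PATH /etc/snort/rules
# preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
alert icmp any any -> any any (msg:"ICMP Test2"; sid:10000001; rev:1;)
# include $RULE_PATH/local.rules
include $RULE_PATH/community.rules
"""

RULE_ACTIONS = r"(alert|log|pass|drop|reject|sdrop)\s"


def parse_conf(text):
    """Summarise what a Snort 2.x configuration actually enables."""
    s = {"vars": {}, "includes": [], "inline_rules": 0,
         "commented_includes": 0, "sfportscan": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A commented-out include silently drops a whole rule file.
            if re.match(r"#\s*include\s", line):
                s["commented_includes"] += 1
            continue
        m = re.match(r"(?:ip|port)?var\s+(\S+)\s+(.+)", line)
        if m:
            s["vars"][m.group(1)] = m.group(2).strip()
            continue
        m = re.match(r"include\s+(\S+)", line)
        if m:
            # Expand $VAR references with the var definitions seen so far.
            path = re.sub(r"\$(\w+)",
                          lambda v: s["vars"].get(v.group(1), v.group(0)),
                          m.group(1))
            s["includes"].append(path)
            continue
        if line.startswith("preprocessor sfportscan"):
            s["sfportscan"] = True
        elif re.match(RULE_ACTIONS, line):
            s["inline_rules"] += 1
    return s


def findings(s):
    """Turn the summary into the warnings a responder would want to see."""
    out = []
    if not s["sfportscan"]:
        out.append("sfportscan preprocessor not enabled: port scans are not alerted")
    if not s["includes"]:
        out.append("no rule files included: only %d inline rule(s) active" % s["inline_rules"])
    if s["commented_includes"]:
        out.append("%d include line(s) commented out" % s["commented_includes"])
    return out
```

Running parse_conf and findings over the real /etc/snort/snort.conf tells you whether the rule files and the port-scan preprocessor are in force before you look any further down the unified2/barnyard2/Snorby chain.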
