Re: Snort + DARPA

[Tho Le Phuoc <thole020287 () gmail com>]

Hi,

I did go through that post before asking, but it doesn't help much. I don't
understand this

"
------------------------------

You didn’t have any rules fire.  But you have your rules uncommented,
which means, either you didn’t download the
ruleset, or if you did download the ruleset, you are running said
rules, or the rule files are blank for some reason.

In any case, you have a misconfiguration in your snort.conf that is
not allowing you to run the rules.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead

Talos"


Thanks

Tho


On Mon, Oct 6, 2014 at 8:21 PM, Y M <snort () outlook com> wrote:

> There is a similar thread posted a while (
> http://seclists.org/snort/2014/q3/525) that discusses the same issue. Go
> through it and see if it offers any kind of help, if not we will be glad to
> help you through.
>
> YM
>
> ------------------------------
> Date: Mon, 6 Oct 2014 19:48:53 +0200
> From: thole020287 () gmail com
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Snort + DARPA
>
>
> Hi,
>
> I am spending a lot of time installing and running Snort with DARPA data
> set ( TCPdump) to get alert from Snort, however I always get no alert, no
> logging. Can you give me some hints for what I am doing wrong? I am
> installing Snort 2.9.6.2 on CentOS7 with latest rule on Snort.org. Anyone
> can advise what else should i do?
> [image: Inline image 1]
>
> [image: Inline image 2]
>
> Thanks for your help.
> --
> Best Regards,
>
> Le Phuoc Tho
>
> ------------------------------------------------------------------------------
> Slashdot TV. Videos for Nerds. Stuff that Matters.
> http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
> _______________________________________________ Snort-users mailing list
> Snort-users () lists sourceforge net Go to this URL to change user options
> or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users
> <https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>
> list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!



-- 
Best Regards,

Le Phuoc Tho

------------------------------------------------------------------------------
Slashdot TV.  Videos for Nerds.  Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!