Snort mailing list archives

log files empty


From: Mark Cole <mcole () kerrlake com>
Date: Sun, 13 Mar 2016 16:39:47 -0400

Hi,

I have installed snort on ElementaryOS in a VM on a Mac (with Parallels). I have configured snort to use alert logging and packet logging via snort.conf. I have a very simple rule set up that alerts on any outgoing facebook connection. When I go to facebook I see the activity on the Snort console but nothing gets written to the logs. I think I have read every web page that I can find through Google on “snort log empty” or “snort log zero”. I have tried all of the recommendations that I can find. I can see that logrotate works because it creates a new snort.log.xxxxxxx every time I run snort - but they are always empty too. Help!

This is what my rule looks like:
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Facebook Web Request"; sid:9999; content:"facebook"; flow:to_server,established;)

My snort.conf has these relevant entries:
config logdir: /var/log/snort
output alert_unified2: filename snort.alert, limit 128, nostamp
output log_unified2: filename snort.log, limit 128, nostamp 

##I have tried taking nostamp out based on one article I read with no change

Thank you!!
Mark
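Added example (not part of this thread and not Snort's own tooling): a small Python walker for the unified2 files that the output lines above produce, so an empty file can be told apart from one that holds events Snort actually wrote. It assumes the standard unified2 layout (an 8-byte big-endian type/length header per record, a 52-byte IPv4 event body for type 7); the sample log bytes are constructed inline.

```python
import ipaddress
import struct

# Unified2 record types taken from Snort's unified2 header (assumed here, not quoted from the thread)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7                         # IPv4 event, fixed 52-byte body
IDS_EVENT_TYPES = {7, 72, 99, 100, 104, 105}   # IPv4/IPv6, MPLS and VLAN event variants

def iter_records(data: bytes):
    """Yield (type, body) per record: 8-byte big-endian (type, length) header, then `length` bytes."""
    offset = 0
    while offset + 8 <= len(data):
        rtype, rlen = struct.unpack_from("!II", data, offset)
        offset += 8
        if offset + rlen > len(data):
            raise ValueError(f"truncated record at offset {offset - 8}")
        yield rtype, data[offset:offset + rlen]
        offset += rlen

def parse_ipv4_event(body: bytes) -> dict:
    """Decode the fixed fields of a type-7 event: 11 uint32, 2 uint16, 4 uint8 (52 bytes)."""
    f = struct.unpack_from("!11I2H4B", body, 0)
    return {"gid": f[5], "sid": f[4], "rev": f[6],
            "src": str(ipaddress.IPv4Address(f[9])), "dst": str(ipaddress.IPv4Address(f[10])),
            "sport": f[11], "dport": f[12], "proto": f[13]}

def summarize(data: bytes) -> dict:
    """Count records and collect (gid, sid) pairs; all zeros means Snort wrote nothing to the file."""
    summary = {"records": 0, "events": 0, "packets": 0, "sids": []}
    for rtype, body in iter_records(data):
        summary["records"] += 1
        if rtype == UNIFIED2_IDS_EVENT:
            summary["events"] += 1
            ev = parse_ipv4_event(body)
            summary["sids"].append((ev["gid"], ev["sid"]))
        elif rtype in IDS_EVENT_TYPES:
            summary["events"] += 1
        elif rtype == UNIFIED2_PACKET:
            summary["packets"] += 1
    return summary

def _record(rtype: int, body: bytes) -> bytes:
    return struct.pack("!II", rtype, len(body)) + body

# Constructed sample: one gid 1 / sid 9999 event (10.0.0.5:51234 -> 198.51.100.1:80, TCP) plus a 4-byte packet record
SAMPLE_EVENT = struct.pack("!11I2H4B", 1, 1, 1457900000, 0, 9999, 1, 1, 0, 3,
                           int(ipaddress.IPv4Address("10.0.0.5")), int(ipaddress.IPv4Address("198.51.100.1")),
                           51234, 80, 6, 0, 0, 0)
SAMPLE_PACKET = struct.pack("!7I", 1, 1, 1457900000, 1457900000, 0, 1, 4) + b"\xde\xad\xbe\xef"
SAMPLE_LOG = _record(UNIFIED2_IDS_EVENT, SAMPLE_EVENT) + _record(UNIFIED2_PACKET, SAMPLE_PACKET)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against a real file with `summarize(open("/var/log/snort/snort.log", "rb").read())`; a zero record count confirms the file is genuinely empty rather than merely unreadable by a text viewer.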



