Snort mailing list archives
Re: Snort not generating alerts
From: Dorian ROSSE via Snort-users <snort-users () lists snort org>
Date: Sun, 20 Oct 2019 11:58:39 +0000
It is explained here in a PDF: http://users.du.se/~hjo/cs/common/books/Log%20Parser/9781932266528.PDF

From: Snort-users <snort-users-bounces () lists snort org> On behalf of bobby via Snort-users
Sent: Saturday, 19 October 2019 17:11
To: wkitty42 () windstream net
Cc: snort-users () lists snort org
Subject: Re: [Snort-users] Snort not generating alerts

I do not get those alerts on my console screen.

On Thu, Oct 17, 2019 at 7:57 PM wkitty42--- via Snort-users <snort-users () lists snort org> wrote:

i'm putting this back on the list where it belongs instead of in private... my responses are in line below...

On 10/17/19 7:42 PM, bobby wrote:
> How do I know if it works? It says it received 31119 packets.

are you getting those alerts you were looking for if you add it? that's how you know ;)

> Also, not sure if I can do this with an inline interface.

shouldn't matter...

On Sat, Oct 12, 2019 at 9:32 PM wkitty42--- via Snort-users wrote:

On 10/12/19 7:22 PM, bobby via Snort-users wrote:
> I am running Snort on an Ubuntu 16 server. I made sure my interface is in
> promiscuous mode. I've also tested the configuration file, and it returned
> fine. I tested with local.rules, for ICMP alerts, which works fine. But when
> Snort is running, no alerts are generated otherwise. I went through my rules,
> and I have over 80,000 rules active. I am not sure if this matters, but they
> are set to 'drop'.
> Please advise. Thank you.

have you tried adding "-k none" to your snort command line? you might also want to disable all offloading of tasks to your NIC or other cards so that snort can perform those offloaded tasks itself...

--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list unless*
*a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

To unsubscribe, send an email to:
snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
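
The offload check suggested in the quoted Oct 12 reply, as an added example that is not part of the original thread: it reads `ethtool -k` output and prints the `ethtool -K` command that turns off the offloads still enabled on the sniffing interface. The interface name `eth1` and the sample output are constructed for illustration.

```shell
# Map an `ethtool -k` feature name to the short flag accepted by `ethtool -K`.
short_flag() {
    case "$1" in
        rx-checksumming)              echo rx ;;
        tx-checksumming)              echo tx ;;
        scatter-gather)               echo sg ;;
        tcp-segmentation-offload)     echo tso ;;
        generic-segmentation-offload) echo gso ;;
        generic-receive-offload)      echo gro ;;
        large-receive-offload)        echo lro ;;
    esac
}

# Read `ethtool -k` output on stdin; print the flags that are still "on".
# [fixed] features cannot be changed; indented sub-features are skipped.
enabled_offloads() {
    out=""
    while IFS= read -r line; do
        case "$line" in *"[fixed]"*) continue ;; esac
        name=${line%%:*}
        state=${line#*: }
        [ "$state" = "on" ] || continue
        flag=$(short_flag "$name")
        if [ -n "$flag" ]; then out="$out $flag"; fi
    done
    echo "${out# }"
}

# Print the ethtool command that turns those offloads off for interface $1.
disable_command() {
    flags=$(enabled_offloads)
    if [ -z "$flags" ]; then echo "# $1: nothing to disable"; return 0; fi
    cmd="ethtool -K $1"
    for f in $flags; do cmd="$cmd $f off"; done
    echo "$cmd"
}

# Constructed sample of `ethtool -k eth1` output (not taken from the thread).
SAMPLE='Features for eth1:
rx-checksumming: on
tx-checksumming: on
    tx-checksum-ip-generic: on
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]'

printf '%s\n' "$SAMPLE" | disable_command eth1
```

On a live sensor the input would come from `ethtool -k eth1 | disable_command eth1`; the printed command is then run as root before starting Snort.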