Snort mailing list archives

RE: Snort won't log anything! Please help...


From: Erek Adams <erek () snort org>
Date: Fri, 28 Mar 2003 14:57:28 -0500 (EST)

On Fri, 28 Mar 2003, Kalteis, Nico (Contractor) wrote:

> By the way, I just noticed this:  When I simply use the rule
>
> alert any any -> any any
>
> Snort logs just fine.  It sets up a whole separate folder for any IP address
> it talks to.
>
> But the moment I add ANYTHING behind that line containing a signature it
> just sits there and does nothing.  Specifically, I tried this with a simple
> "cmd.exe" rule.  Then I kept cutting down the signature part until all I was
> left with was (content:"cmd.exe";) but to no avail.  Can anybody tell me why
> it will log packets but not if I include a signature it's supposed to match?

That says your .conf file isn't right in some manner.

How are you starting snort?  What does your command line read?  Are you
trying to use relative paths?  Are you using -l <logdir>?  What do you
have defined as your RULE_PATH?  What does the output <foo> line look
like?

Give us a bit more hard data, and we'll be better equipped to help you out.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

