Snort mailing list archives

Re: not write alert file

From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 14 Nov 2003 12:08:47 -0500

At 03:30 AM 11/14/2003, Hideki Hirata wrote:

# ping (eth0_address in my server) (enter)
# ping (same subnet among other host ipaddress ) (enter)

/var/log/snort/alert log not write.!!
nothing write.

why would pinging your snort box with a normal ping cause an alert?. didyou add the rules that do this? (by default they are NOT included whenusing the default snort.conf).

pinging on your loopback will likely cause alerts because it's address is127.0.0.1, which is pretty unusual..

pinging a normal machine is pretty normal.. if you logged every suchincident you'd have a pretty noisy sensor.







-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

not write alert file Hideki Hirata (Nov 14)
- Re: not write alert file Matt Kettler (Nov 14)
  - Re: not write alert file Hideki Hirata (Nov 17)
    - Re: not write alert file Josh Berry (Nov 17)
    - Re: not write alert file Hideki Hirata (Nov 18)
  - Re: not write alert file Hideki Hirata (Nov 17)