Snort mailing list archives
Snort not logging alerts.
From: Lyndon Tiu <ltiu () alumni sfu ca>
Date: Thu, 29 Jul 2004 11:47:57 -0700
Hello,
I've googled to no avail.
I am wondering if you guys can help.
I have the latest snort installed 2.1.3 from snort.org. I compiled and
installed.
I have the rules installed under /usr/local/etc/snort/rules.
I have /usr/local/etc/snort/snort.conf configured.
I start snort:
/usr/local/bin/snort -dev -i eth1 -c /usr/local/etc/snort/snort.conf
Snort starts up fine, but when I send it a code red http request:
All I get are:
Rule application order: ->activation->dynamic->alert->pass->log
--== Initialization Complete ==--
-*> Snort! <*-
Version 2.1.0 (Build 9)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
07/29-11:44:42.071614 0:10:A4:89:A9:12 -> 0:A0:24:CC:5E:FC type:0x800
len:0x4A
192.168.0.2:32806 -> 192.168.0.1:80 TCP TTL:64 TOS:0x0 ID:6238 IpLen:20
DgmLen:60 DF
******S* Seq: 0xC4AB409B Ack: 0x0 Win: 0x16D0 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 612549 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
07/29-11:44:42.071780 0:A0:24:CC:5E:FC -> 0:10:A4:89:A9:12 type:0x800
len:0x36
192.168.0.1:80 -> 192.168.0.2:32806 TCP TTL:64 TOS:0x0 ID:1138 IpLen:20
DgmLen:40 DF
***A*R** Seq: 0x0 Ack: 0xC4AB409C Win: 0x0 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
I am not getting any alerts as expected!!
What am I missing?
Thanks for any tips.
--
Lyndon Tiu
