Snort mailing list archives

snort is logging alerts but not capturing corresponding packets for some rules


From: "Kumar, Mahendra" <mkumar () intacct com>
Date: Mon, 25 Apr 2011 21:50:11 +0000

Hi,

I am using snort-2.9.0.5 with daq-0.5-9 and libpcap1-1.1.1-9 on Centos 5.5 (x86_64). I am not using anything else like unified2, base, barnyard, mysql, etc.
My snort is working properly and I am getting alerts and packet captures in snort.log in tcpdump format.
But for some rules (e.g. SHELLCODE sid:1394) I get the alert logged but there is no packet capture in snort.log, and this is very consistent behavior, i.e. I never get packet captures for some of the rules but always get the alert, so it is not a packet drop problem. It seems to be a config issue where the alert is logged but no packet is captured.
Please help me resolve this issue.

Thanks,
MK
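A check for the symptom described above, added here as an example and not part of the original post or of Snort itself: it cross-references a Snort "fast" alert file against the packet timestamps in the tcpdump-format snort.log and reports the SIDs that alerted without any packet logged within a tolerance window. The fast alert line layout, the year (fast alerts carry none) and UTC timestamps are assumptions, and the sample alert lines and pcap bytes are constructed.

```python
import re
import struct
from datetime import datetime, timezone

# Assumed Snort 2 "fast" alert line: "04/25-21:50:11.123456  [**] [1:1394:9] SHELLCODE ... [**] ..."
ALERT_RE = re.compile(r"^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.(\d{6})\s+\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]")


def parse_fast_alerts(text, year):
    """Return (epoch_seconds, sid) per alert line. Fast alerts carry no year, so the
    caller supplies it; timestamps are treated as UTC (assumption, adjust for local time)."""
    out = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            mon, day, hh, mm, ss, us, _gid, sid, _rev = (int(x) for x in m.groups())
            ts = datetime(year, mon, day, hh, mm, ss, us, tzinfo=timezone.utc).timestamp()
            out.append((ts, sid))
    return out


def pcap_packet_times(data):
    """Walk a libpcap file (snort.log in tcpdump format) and return each record's
    timestamp in epoch seconds; handles either byte order of the magic number."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a libpcap file")
    times, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        times.append(sec + usec / 1e6)
        off += 16 + incl_len  # record header plus captured bytes
    return times


def alerts_without_packets(alert_text, pcap_bytes, year, tolerance=0.5):
    """SIDs that fired at least one alert with no packet logged within `tolerance` seconds."""
    times = pcap_packet_times(pcap_bytes)
    missing = {sid for ts, sid in parse_fast_alerts(alert_text, year)
               if not any(abs(ts - t) <= tolerance for t in times)}
    return sorted(missing)


# Constructed sample (not from the post): packets exist for the first two alerts only.
_T0 = int(datetime(2011, 4, 25, 21, 50, 11, tzinfo=timezone.utc).timestamp())
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", _T0 + s, us, 4, 4) + b"\x00" * 4 for s, us in ((0, 100000), (5, 200000)))
SAMPLE_ALERTS = """\
04/25-21:50:11.100000  [**] [1:1000:1] TEST one [**] [Priority: 3] {TCP} 10.0.0.1:1234 -> 10.0.0.2:80
04/25-21:50:16.200000  [**] [1:1001:1] TEST two [**] [Priority: 3] {TCP} 10.0.0.1:1235 -> 10.0.0.2:80
04/25-21:50:30.000000  [**] [1:1394:9] SHELLCODE x86 inc ecx NOOP [**] [Priority: 1] {TCP} 10.0.0.1:1236 -> 10.0.0.2:80
"""
```

Run `alerts_without_packets(open("alert").read(), open("snort.log", "rb").read(), 2011)` against real files; a SID that appears every time is a logging/config problem for that rule rather than packet loss, which matches the consistency the post describes.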
