Snort mailing list archives

Re: Empty output (unified) files

From: Joel Esler <jesler () sourcefire com>
Date: Thu, 22 Mar 2012 09:19:42 -0400

Please post your Snort command line and contents of the snort.conf. 

-- 
Joel Esler

On Mar 22, 2012, at 8:49 AM, Alojzy Kleks <testing4tester () ymail com> wrote:

Hi all,

I've installed snort on Ubuntu using the official documentation on Snort website (except installing reporting tool as 
I'm using snorby). When installation is completed, I wanted to test it. To my big suprise, snort is creating unified 
output files, but they're empty. I was testing using nmap with intense scanning (including both TCP and UDP) as well 
as LOIC, but all the files have size of zero. When I redirect output to -A console, I can clearly see the packets, 
also when I cancel snort process, in the summary I can clearly find statistics, but still nothing can be found in the 
files.
Any tips and tricks will be highly appreciated.
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Empty output (unified) files Alojzy Kleks (Mar 22)
- Re: Empty output (unified) files Joel Esler (Mar 22)
  - Re: Empty output (unified) files Alojzy Kleks (Mar 22)
    - Re: Empty output (unified) files Alojzy Kleks (Mar 26)
    - Re: Empty output (unified) files Joel Esler (Mar 26)
    - Message not available
    - Message not available
    - Fw: Fwd: Empty output (unified) files Alojzy Kleks (Mar 26)
    - Re: Empty output (unified) files Joel Esler (Mar 26)
    - Re: Empty output (unified) files Alojzy Kleks (Mar 27)
    - Re: Empty output (unified) files Nick Moore (Mar 27)
    - Re: Empty output (unified) files Alojzy Kleks (Mar 27)
    - Re: Empty output (unified) files Joel Esler (Mar 27)
    - Message not available
    - Re: Empty output (unified) files Joel Esler (Mar 28)