Re: Snort only partially alerting.

[Frank Calone <fc10011001 () gmail com>]

I added the following option to the command line:
-k none

Here is the full command line I'm using:
/usr/sbin/snort -A fast -b -d -D -k none -i em3 -u snort -g snort -c
/etc/snort/snort.conf -l /var/log/snort -G 3

I was hopeful this would fix the alerting, however, it did not.  I had two
alerts today that the new Snort server did not flag.  Any other suggestions
on what to check out next is much appreciated.

Frank

On Wed, Jun 12, 2013 at 9:16 PM, Joel Esler <jesler () sourcefire com> wrote:

>   On Jun 12, 2013, at 11:33 AM, Frank Calone <fc10011001 () gmail com> wrote:
>
> Snort on the appliance alerted but Snort on the server did not.
>
>
> Dear Frank,
>
> Thanks for your email.  I believe you will find what you are looking for
> here:
> https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md
>
> --
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!