Snort mailing list archives
Re: FW: snort 2.9.4.6 not logging
From: Maged Shenouda <maged67 () hotmail com>
Date: Tue, 23 Jul 2013 12:29:52 -0400
Thanks for the feedback, so all those rules files that are included in the /snort/rules and those that are included in the snort.conf are not alerting any suspicious traffic? Wow, my system must be very secure and not attracting anyone?
Date: Tue, 23 Jul 2013 12:20:04 -0400
From: wkitty42 () windstream net
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] FW: snort 2.9.4.6 not logging

On 7/23/2013 08:52, Maged Shenouda wrote:

I copied the test rules to local_test.rules and added the local_test.rules to snort.conf then restarted snort
This time it is logging a lot of alerts, so what is wrong with my configurations??

if the only thing you did was to add the local-test.rules and you did not change anything else in snort.conf, then there is nothing wrong with your configuration... the "problem" would seem to be that there is not traffic that matches your rules and so there is nothing for snort to raise an alert about...

snort raises alerts on the local-test.rules because they grab everything and do not bother to check for content matches... most snort rules check for content matches and if traffic does not contain the sought content, the rule will not alert... that is proper operation...

--
NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
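Added example, not part of the original thread and not Snort's own code: a small Python model of the behaviour described in the quoted reply, where a test rule with no content option alerts on every packet while content rules stay silent until the payload contains the sought bytes. The rules, sids and packets are constructed for illustration, and the matcher is a simplification that only looks at destination port, content and nocase (no addresses, flow, offsets or preprocessors).

```python
import re

# Constructed Snort 2.x style rules (not from the thread); the first has no content.
RULES = [
    'alert tcp any any -> any any (msg:"TEST any tcp"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 80 (msg:"TEST marker header"; '
    'content:"X-Test-Marker"; nocase; sid:1000002; rev:1;)',
    'alert tcp any any -> any any (msg:"TEST magic bytes"; '
    'content:"|DE AD BE EF|"; sid:1000003; rev:1;)',
]
# Constructed traffic: (destination port, TCP payload).
PACKETS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"GET / HTTP/1.1\r\nx-test-marker: 1\r\n\r\n"),
    (22, b"SSH-2.0-OpenSSH_6.2\r\n"),
    (9000, b"\x00\xde\xad\xbe\xef\x00"),
]
OPTION = re.compile(r'(\w+)(?::\s*(?:"([^"]*)"|([^;]*)))?\s*;')

def decode_content(text):
    """Convert a content string to bytes; text between | | is hex."""
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode()
                    for i, p in enumerate(text.split("|")))

def parse_rule(text):
    """Simplified parse: destination port, sid, and content/nocase pairs."""
    header, opts = re.match(r"(.*?)\((.*)\)\s*$", text).groups()
    rule = {"dport": header.split()[6], "sid": None, "contents": []}
    for name, quoted, bare in OPTION.findall(opts):
        if name == "content":
            rule["contents"].append([decode_content(quoted), False])
        elif name == "nocase" and rule["contents"]:
            rule["contents"][-1][1] = True  # modifies the preceding content
        elif name == "sid":
            rule["sid"] = int(bare)
    return rule

def matches(rule, dport, payload):
    """True if the port fits and every content is found in the payload."""
    port_ok = rule["dport"] in ("any", str(dport))
    return port_ok and all(
        (pat.lower() in payload.lower()) if nocase else (pat in payload)
        for pat, nocase in rule["contents"])

def count_alerts(rule_texts, packets):
    """Return {sid: number of packets the rule would alert on}."""
    rules = [parse_rule(t) for t in rule_texts]
    return {r["sid"]: sum(matches(r, d, p) for d, p in packets) for r in rules}

if __name__ == "__main__":
    print(count_alerts(RULES, PACKETS))
```

The catch-all rule fires on all four packets; each content rule fires only on the one packet that carries its pattern, which is why a quiet sensor with content rules is not by itself a sign of misconfiguration.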
Current thread:
- Re: snort 2.9.4.6 not logging, (continued)
- Re: snort 2.9.4.6 not logging waldo kitty (Jul 18)
- Re: snort 2.9.4.6 not logging Maged Shenouda (Jul 19)
- Re: snort 2.9.4.6 not logging waldo kitty (Jul 19)
- Re: snort 2.9.4.6 not logging Maged Shenouda (Jul 19)
- Re: snort 2.9.4.6 not logging Maged Shenouda (Jul 19)
- Re: snort 2.9.4.6 not logging waldo kitty (Jul 19)
- Re: snort 2.9.4.6 not logging Maged Shenouda (Jul 19)
- Re: snort 2.9.4.6 not logging waldo kitty (Jul 19)
- Message not available
- FW: snort 2.9.4.6 not logging Maged Shenouda (Jul 23)
- Re: FW: snort 2.9.4.6 not logging waldo kitty (Jul 23)
- Re: FW: snort 2.9.4.6 not logging Maged Shenouda (Jul 23)
- Re: FW: snort 2.9.4.6 not logging waldo kitty (Jul 23)
- Re: FW: snort 2.9.4.6 not logging Maged Shenouda (Jul 23)