Snort mailing list archives

Need help: Snort not logging properly


From: Ashu Singh <akandari2012 () gmail com>
Date: Thu, 3 Oct 2013 13:08:53 +0530

Hi all,

I have installed Snort on an AlienVault device (preinstalled), version 2.9.3.

We have four interfaces: eth0 is the main interface, eth1 is the
secondary (backup), and eth2 and eth3 are the promiscuous interfaces,
primary and backup respectively.

We are receiving traffic on the eth2 interface and it is increasing day by day.
But in my AlienVault console, I hardly receive any alerts: 2-3 alerts in a
day.

Even the test ICMP rule is not generating alerts. Some time back, while
troubleshooting the device interface, a lot of test ICMP rule alerts
were generated. But because of that patch, the device hung and we needed to
roll back that software (it was some AlienVault 10G interface device driver).

Even log files are being generated in var/log/snort/, but their size was also not
very big, hardly 1000KB in a day; there were some 5 or 6 such files created
in a day.

I need to know why Snort is not able to generate alerts properly. What
tests are safe enough to be executed in a live network that I can try?

Kindly help