Snort mailing list archives

Re: Snort not generating alerts


From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 30 Oct 2013 13:25:04 -0600

On 2013-10-22 16:11, Matt . wrote:
I'm ramping up on Linux and Snort, so I'm not highly familiar with them
yet.
 
That said, I've installed Snort and Snort Report onto Ubuntu 12.04 via
the instructions at the following URL and fixed the errors that
prevented snort and barnyard2 from running.
http://www.symmetrixtech.com/articles/016-snortinstallguide2953.pdf
 
At this point I am not able to determine why it's not generating
alerts; the log files are empty. If I add the following lines,
uncommented, to the bottom of snort.conf, data is put into the log
files and database. But once I comment out the lines nothing is
generated.
 

#alert ip any any -> any any (msg:"Got an IP Packet"; classtype:not-suspicious; sid:2000000; rev:1;)

#alert icmp any any -> any any (msg:"Got an ICMP Packet"; classtype:not-suspicious; sid:2000001; rev:1;)
#alert icmp any any -> any any (msg:"ICMP Large ICMP Packet"; dsize:>800; reference:arachnids,246; classtype:bad-unknown; sid:2000499; rev:4;)
 
 
I've searched online and am stumped. Any assistance, pointers or
recommendations would be much appreciated.
 
Thanks,
Matt

Let it run for a day, then see what happens.  In this case I suspect no 
news is really that...nothing hitting (yet ;)).

James
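Added example, not part of the thread and not Snort's own code: a small Python checker for a local rules file that makes the point of the exchange above concrete. A rule line that starts with '#' is a comment, so Snort loads the file and fires on nothing. The sample input below is constructed from the three rules in Matt's mail exactly as the mail client wrapped them, so the script first re-joins wrapped lines, then parses each rule header and its options, and reports rules that are commented out, sids below 1,000,000 (the range Snort reserves for distributed rule sets), duplicate sids, and a file with no enabled rule at all. Function names and the findings wording are this example's own choices.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the three rules from the mail above as pasted there,
# i.e. each prefixed with '#' (disabled) and wrapped across lines by the mailer.
SAMPLE_LOCAL_RULES = """
#alert ip any any -> any any (msg:"Got an IP Packet";
classtype:not-suspicious; sid:2000000; rev:1;)

#alert icmp any any -> any any (msg:"Got an ICMP Packet";
classtype:not-suspicious; sid:2000001; rev:1;)
#alert icmp any any -> any any (msg:"ICMP Large ICMP Packet";
dsize:>800; reference:arachnids,246; classtype:bad-unknown;
sid:2000499; rev:4;)
"""

ACTIONS = "alert|log|pass|drop|reject|sdrop"
# A (possibly commented-out) rule begins with an action keyword.
RULE_START = re.compile(r"^\s*#?\s*(?:%s)\s" % ACTIONS)
# Rule header: [#] action proto src sport dir dst dport ( options )
HEADER = re.compile(
    r"^\s*(?P<comment>#)?\s*(?P<action>%s)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$" % ACTIONS
)
# One rule option: key, optional ':' value (quoted, or up to ';'), ';' terminator.
OPTION = re.compile(r'\s*(?P<key>\w+)\s*(?::\s*(?P<val>"[^"]*"|[^;]*))?;')
LOCAL_SID_MIN = 1000000  # sids below this are reserved for distributed rule sets


def unwrap(text: str) -> List[str]:
    """Re-join rules that a mail client or editor wrapped across several lines."""
    rules: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if RULE_START.match(line) or not rules:
            rules.append(line.strip())
        else:
            rules[-1] += " " + line.strip()
    return rules


def parse_rule(line: str) -> Optional[Dict]:
    """Parse one rule line; None if it is not a rule. '#' marks it disabled."""
    m = HEADER.match(line)
    if not m:
        return None
    opts: Dict[str, Optional[str]] = {}
    for om in OPTION.finditer(m.group("opts")):
        val = om.group("val")
        # keep the first occurrence of a key (e.g. several 'reference:' options)
        opts.setdefault(om.group("key"), None if val is None else val.strip().strip('"'))
    sid = opts.get("sid")
    return {
        "enabled": m.group("comment") is None,
        "action": m.group("action"), "proto": m.group("proto"),
        "src": m.group("src"), "sport": m.group("sport"), "dir": m.group("dir"),
        "dst": m.group("dst"), "dport": m.group("dport"),
        "sid": int(sid) if sid is not None and sid.isdigit() else None,
        "options": opts,
    }


def audit(text: str) -> List[str]:
    """Return human-readable findings explaining why a rules file may stay silent."""
    findings: List[str] = []
    seen: Dict[int, str] = {}
    enabled = 0
    for raw in unwrap(text):
        rule = parse_rule(raw)
        if rule is None:
            findings.append("unparseable line: %s" % raw[:60])
            continue
        sid = rule["sid"]
        if sid is None:
            findings.append("rule without numeric sid: %s" % raw[:60])
            continue
        if not rule["enabled"]:
            findings.append("sid %d is commented out with '#' and will never fire" % sid)
        else:
            enabled += 1
        if sid < LOCAL_SID_MIN:
            findings.append("sid %d is below %d, the range reserved for distributed rule sets"
                            % (sid, LOCAL_SID_MIN))
        if sid in seen:
            findings.append("sid %d duplicates an earlier rule" % sid)
        seen[sid] = raw
    if enabled == 0:
        findings.append("no enabled rules: Snort will load this file and alert on nothing")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCAL_RULES):
        print(finding)
```

Run as-is it reports the three rules as commented out plus "no enabled rules"; with the '#' removed from the sample it reports nothing, which is the behaviour Matt describes. Pointing `audit()` at a real local.rules before restarting Snort gives a quick answer to "did I actually enable anything" without waiting a day for traffic.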


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
