Snort mailing list archives

IPS and the alert file


From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Wed, 5 Mar 2014 15:15:55 +0000

I just changed my snort box from IDS to IPS last night. I just checked the stats and found the following.

Action Stats:
Alerts:            0 (  0.000%)
Logged:            0 (  0.000%)
Passed:            0 (  0.000%)

Verdicts:
Allow:    113344169 ( 96.580%)
Block:         2111 (  0.002%)
Replace:          584 (  0.000%)
Whitelist:      4010987 (  3.418%)
Blacklist:            0 (  0.000%)
Ignore:            0 (  0.000%)


Since there are 2111 blocks, shouldn’t that also show up in Alerts? And shouldn’t an alert be written to the alert file?

Thanks,
Avery

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net