Snort mailing list archives
Re: Generating alert when reading tcpdump file
From: John Sage <jsage () finchhaven com>
Date: Thu, 4 Jul 2002 11:05:22 -0700
On Thu, Jul 04, 2002 at 09:29:59AM -0400, xun wang wrote:
> Thanks for your prompt response. Actually I realized that I should specify the rules for snort to be able to trigger an alert. But when I tried the "-c /path/snort.conf", I didn't get anything except an empty alert file. When I removed this switch from my command, at least I could get lots of directories named with source IP addresses in the /var/log/snort directory. I didn't specify to write the alert to syslog, but I checked the syslog as well and didn't find any alert. What is your thought?
Have you bothered to configure snort.conf correctly?

It's not enough to just point to it via the command line, it's necessary to go through snort.conf and edit it to have it do what you want.

Just a thought...

- John
--
"You are in a little maze of twisty passages, all different."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
Current thread:
- Generating alert when reading tcpdump file tang xun (Jul 03)
- Re: Generating alert when reading tcpdump file Andrew R. Baker (Jul 03)
- Re: Generating alert when reading tcpdump file Erek Adams (Jul 03)
- <Possible follow-ups>
- Re: Generating alert when reading tcpdump file xun wang (Jul 04)
- Re: Generating alert when reading tcpdump file John Sage (Jul 04)
- Re: Generating alert when reading tcpdump file xun wang (Jul 04)
- Re: Generating alert when reading tcpdump file John Sage (Jul 04)
- Re: Generating alert when reading tcpdump file Andrew R. Baker (Jul 03)