Snort mailing list archives
RE: Snort won't log anything! Please help...
From: Erek Adams <erek () snort org>
Date: Fri, 28 Mar 2003 14:57:28 -0500 (EST)
On Fri, 28 Mar 2003, Kalteis, Nico (Contractor) wrote:
By the way, I just noticed this: When I simply use the rule alert any any -> any any Snort logs just fine. It sets up a whole separate folder for any IP address it talks to. But the moment I add ANYTHING behind that line containing a signature it just sits there and does nothing. Specifically, I tried this with a simple "cmd.exe" rule. Then I kept cutting down the signature part until all I was left with was (content:"cmd.exe";) but to no avail. Can anybody tell me why it will log packets but not if I include a signature it's supposed to match?
That says your .conf file isn't right in some manner.

How are you starting snort? What does your command line read? Are you trying to use relative paths? Are you using -l <logdir>? What do you have defined as your RULE_PATH? What does the output <foo> line look like?

Give us a bit more hard data, and we'll be better equipped to help you out.

Cheers!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
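Added example, not part of the original message and not Snort's own code: a small Python check that reads a snort.conf and reports on the items the reply asks about (relative paths, -l <logdir>, RULE_PATH, the output line). The sample config, the function names and the finding codes are constructed for illustration.

```python
import os
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONF = """\
var HOME_NET any
var RULE_PATH ../rules
output alert_fast: alert.ids
include $RULE_PATH/local.rules
include /etc/snort/classification.config
"""

def is_abs(path):
    # Absolute on either Unix (/etc/snort) or Windows (C:\snort).
    return path.startswith("/") or re.match(r"[A-Za-z]:[\\/]", path) is not None

def audit_conf(text, logdir=None, exists=os.path.exists):
    """Return (line_no, code, detail) findings; line 0 means the command line."""
    variables, findings, outputs = {}, [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if m := re.match(r"var\s+(\S+)\s+(\S+)$", line):
            variables[m.group(1)] = m.group(2)
        elif line.startswith("output "):
            outputs += 1
        elif m := re.match(r"include\s+(\S+)$", line):
            # Expand $VAR references the way the include line relies on them.
            path = re.sub(r"\$(\w+)", lambda v: variables.get(v.group(1), v.group(0)), m.group(1))
            if "$" in path:
                findings.append((n, "undefined-var", path))
            elif not is_abs(path):
                findings.append((n, "relative-include", path))
            elif not exists(path):
                findings.append((n, "missing-include", path))
    if "RULE_PATH" not in variables:
        findings.append((0, "no-rule-path", "var RULE_PATH is not defined"))
    if outputs == 0:
        findings.append((0, "no-output", "no 'output <plugin>' line in the file"))
    if logdir is None:
        findings.append((0, "no-logdir", "-l <logdir> not given"))
    elif not is_abs(logdir):
        findings.append((0, "relative-logdir", logdir))
    return findings

if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF, logdir="log"):
        print(finding)
```

Pass the value given to -l as `logdir`; a relative path is resolved against the directory snort was started from, which is why the check reports it.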