Re: snort not generating lots of alerts

[firewalZ <firewalz () gmail com>]

Try running snort from the command line to display packets (like
tcpdump), make sure to sniff from the same interface you are using in
snort.conf, make sure you see bidirectional traffic.
Also, make sure you uncomment the rule catagories you want to use, I
think its near the bottom of snort.conf, I believe there is an icmp
rule set that is noisy.



On Thu, May 27, 2010 at 3:54 PM, Pedro Marinho <pppmarinho () gmail com> wrote:
> Hello gentlemen,
>
> I would like to ask if someone could post a snort.conf example for a sensor
> that monitors a Microsoft Windows environment.. i think is something wrong
> with my sensors.. i don´t know if it is because i have 2 or more instances
> of snort running or maybe some misconfiguration..
>
> i would be very thankfull for some help
>
>
>
> ------------------------------------------------------------------------------
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users