Only an empty Alert file :(

["Dean Farwood" <dean_farwood () comcast net>]

Hello,

 

I'm running Snort 2.8.5.2 (Build 121) on Ubuntu 11.10 with 3.0.0-16-generic
kernel.

 

I have written the following rule called /etc/snort/rules/password.rules:

 

alert tcp any any <> 192.168.1.110 any (content:"password"; msg:"Potential
Password Violation"; sid: 11995522;)

 

My snort command is:

snort -dev -c /etc/snort/snort.conf -l /etc/snort/log2 -K ascii

 

I then transfer a file with the word "password" in it from the Linux system
to a Windows system using Samba. The packets are captured as evidenced by
the terminal display. The Windows system successfully authenticates to Samba
and the file can be viewed on the Windows system.

 

PROBLEM: No directories are created in the /etc/snort/log2 directories. Only
an empty "Alert" file appears.

 

If I run a command like:

 

snort -dev -l /etc/snort/log2 -K ascii

 

I get normal logging directories with IP address directory names etc.

 

This command also results in nothing in /etc/snort/log2 except the empty
alert file.

snort -dev -c /etc/snort/rules/password.rules -l /etc/snort/log2 -K ascii

 

REQUEST: Any help I can get to allow proper logging when using the -c option
would be much appreciated.

 

Thanks,

 

Dean

 

 

 

 

 

 

snort -dev -c /etc/snort/snort.conf -l /etc/snort/log2 -K ascii

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!