Snort mailing list archives
Re: Snort + DARPA
From: Tho Le Phuoc <thole020287 () gmail com>
Date: Mon, 6 Oct 2014 20:29:39 +0200
Hi, I did go through that post before asking, but it doesn't help much. I don't understand this " ------------------------------ You didn’t have any rules fire. But you have your rules uncommented, which means, either you didn’t download the ruleset, or if you did download the ruleset, you are running said rules, or the rule files are blank for some reason. In any case, you have a misconfiguration in your snort.conf that is not allowing you to run the rules. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos" Thanks Tho On Mon, Oct 6, 2014 at 8:21 PM, Y M <snort () outlook com> wrote:
There is a similar thread posted a while ( http://seclists.org/snort/2014/q3/525) that discusses the same issue. Go through it and see if it offers any kind of help, if not we will be glad to help you through. YM ------------------------------ Date: Mon, 6 Oct 2014 19:48:53 +0200 From: thole020287 () gmail com To: snort-users () lists sourceforge net Subject: [Snort-users] Snort + DARPA Hi, I am spending a lot of time installing and running Snort with DARPA data set ( TCPdump) to get alert from Snort, however I always get no alert, no logging. Can you give me some hints for what I am doing wrong? I am installing Snort 2.9.6.2 on CentOS7 with latest rule on Snort.org. Anyone can advise what else should i do? [image: Inline image 1] [image: Inline image 2] Thanks for your help. -- Best Regards, Le Phuoc Tho ------------------------------------------------------------------------------ Slashdot TV. Videos for Nerds. Stuff that Matters. http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users <https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users> list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- Best Regards, Le Phuoc Tho
------------------------------------------------------------------------------ Slashdot TV. Videos for Nerds. Stuff that Matters. http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort + DARPA Tho Le Phuoc (Oct 06)
- Re: Snort + DARPA Y M (Oct 06)
- Re: Snort + DARPA Tho Le Phuoc (Oct 06)
- Re: Snort + DARPA waldo kitty (Oct 06)
- Re: Snort + DARPA Y M (Oct 06)