[Snort-sigs] getting sensitive-data cc# alert to fire

Joel Esler (jesler) jesler at ...3865...
Mon Feb 3 16:41:38 EST 2014

On Feb 3, 2014, at 8:37 AM, jason <jason at ...3880...> wrote:

Thanks for replying, James

>> Try adding -k none to your command line.

I was using -knone so I changed that but still no hits…

/usr/local/bin/snort -c /etc/snort/snort.conf -Acmg -k none -r /tmp/snort_pcap_dump.cap 2> /dev/null
/usr/local/bin/snort -c ./snort- -Acmg -k none -r /tmp/snort_pcap_dump.cap 2> /dev/null

This seems to work for everyone right out of the box so I am really at a loss why I can’t get it alerting…
I’m using but will try a fresh install of 2.9.6 and try again.

Why are you pushing the output to /dev/null?

The -q option may help here.
