[Snort-sigs] getting sensitive-data cc# alert to fire

waldo kitty wkitty42 at ...3507...
Mon Feb 3 16:54:07 EST 2014


On 2/3/2014 8:37 AM, jason wrote:
> Thanks for replying James
>
>>>Try adding -k none to your command line.
>
> I was using –knone so I changed that but still no hits…
>
> /usr/local/bin/snort -c /etc/snort/snort.conf -Acmg -k none -r
> /tmp/snort_pcap_dump.cap 2> /dev/null
>
> /usr/local/bin/snort -c ./snort-2.9.5.3/etc/snort.conf -Acmg -k none -r
> /tmp/snort_pcap_dump.cap 2> /dev/null
>
> This seems to work for everyone right out of the box so I am really at a loss
> why I can’t get it alerting…
>
> I’m using 2.9.5.3 but will try a fresh install of 2.9.6 and try again.

as joel asked, why are you redirecting to /dev/null?? how can you get error 
messages, if there are any, from there? ;)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.



