[Snort-sigs] getting sensitive-data cc# alert to fire

rmkml rmkml at ...174...
Mon Feb 3 17:06:14 EST 2014

Sorry for disturb,

2> is stderr, no pb with snort alerts (use 1> / stdout).
(2> used by snort starting version...)


On Mon, 3 Feb 2014, waldo kitty wrote:

> On 2/3/2014 8:37 AM, jason wrote:
>> Thanks for replying James
>>>> Try adding -k none to your command line.
>> I was using –knone so I changed that but still no hits…
>> /usr/local/bin/snort -c /etc/snort/snort.conf -Acmg -k none -r
>> /tmp/snort_pcap_dump.cap 2> /dev/null
>> /usr/local/bin/snort -c ./snort- -Acmg -k none -r
>> /tmp/snort_pcap_dump.cap 2> /dev/null
>> This seems to work for everyone right out of the box so I am really at a loss
>> why I can’t get it alerting…
>> I’m using but will try a fresh install of 2.9.6 and try again.
> as joel asked, why are you redirecting to /dev/null?? how can you get error 
> messages, if there are any, from there? ;)

More information about the Snort-sigs mailing list