[Snort-users] Why does snort not always post to the x.x.x subdirectory?
bobf at ...739...
Wed Nov 1 16:28:27 EST 2000
I am brand new to snort.
I have snort 1.6.3 running on an NT 4.0 workstation with a nearly
stock copy of rules 10102k.
I get an alert in the alert.ids file but no decode in the net.net.subnet
directory. This only happens for a few rules; most of the rules create
the subdirectory in the log directory as expected.
A specific example:
when this rule triggers
alert TCP !$HOME_NET any -> $HOME_NET 2301 (msg:"IDS244 -
CVE-1999-0771 - Compaq-insight-dot-dot"; content: "../"; )
I get no subdirectory for the IP that triggered it. The IP is in my
alerts.ids file. (The rules are all one line long - wrap is for email).
Thanks for any help
80 FLT "The Original Road King"