[Snort-users] Latest CVS -- near total silence

Scott A. McIntyre scott at ...1050...
Tue Mar 27 06:43:55 EST 2001


The latest CVS, Build 9, is nearly completely silent on alerts for me
using what was a standard ruleset (from the web site, with some local
modifications).

I'm getting only one or two alerts being made, such as rpc.statd
queries, which indeed are happening, but lots of other things are
happening as well (independently verified / tested), but snort is
essentially ignoring them.

snort -t /log/snort -i de0 -A full -o -b -c snort.conf -l log/output/

Is one way I invoke snort, and nothing has changed rule wise...

No errors are reported in the output.

I know that the latest build became more strict about rule parsing, thus
the errors that I found with comma-separated lists of port numbers
earlier, but has something else fundamentally changed that could cause
near total silence?  





