[Snort-users] What could be the reason....HELP

Ronneil Camara ronneilc at ...4042...
Thu Nov 22 11:35:02 EST 2001

What could be the reason why attacks are not recorded on my database. I
tried demarc but I usually run snort manually. I can see the attack if I
will remove logging of snort to mysql in snort.conf and logs will be
stored in /var/log/snort.
 The only traffic that are recorded now are portscan, icmp. And am on a
I used snort on a non-ip interface.
Can you check the debug and my snort.conf if I have missed anything
And what would be the appropriate approach to disable false positive?

More information about the Snort-users mailing list