[Snort-users] snort not capturing packets for alerts (sometimes)
r.fulton at ...3809...
Tue Oct 23 19:01:08 EDT 2001
I am running snort 1.8.1 on a debian linux system:
snort -A full -c rules.18.104.22.168 -d -D -e -h 22.214.171.124/16 -i eth1
Most of the time it dutifully logs packets that caused alerts into the
appropriate directory but every now and again when I look for a packet
log there isn't anything there.
The snort process is restarted every hour; I run an hourly perl script
which I adapted from snorticus.
In some cases out of a bunch of very similar alerts some get logged and
Any ideas as to what is going on or any hint as to how to debug this
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand