[Snort-users] snort not capturing packets for alerts (sometimes)

Russell Fulton r.fulton at ...3809...
Tue Oct 23 19:01:08 EDT 2001


Hi All,
	I am running snort 1.8.1 on a Debian Linux system:
snort -A full -c rules.130.216.0.0 -d -D -e -h 130.216.0.0/16 -i eth1 
-l /home/snort/LOGS/DMZ-OS/20011024/20011024.hh

Most of the time it dutifully logs packets that caused alerts into the 
appropriate directory but every now and again when I look for a packet 
log there isn't anything there.

The snort process is restarted every hour; I run an hourly perl script 
which I adapted from snorticus.

In some cases out of a bunch of very similar alerts some get logged and 
some don't.

Any ideas as to what is going on or any hint as to how to debug this 
problem?


Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand




