[Snort-users] Generating alert when reading tcpdump file
jsage at ...2022...
Thu Jul 4 11:06:07 EDT 2002
On Thu, Jul 04, 2002 at 09:29:59AM -0400, xun wang wrote:
> Thanks for your prompt response.
> Actually I realized that I should specify the rules for snort to be able to
> trigger alert. But when I tried the "-c /path/snort.conf", I won't get
> anything except an empty alert file. When I removed this switch from my
> command, at least I could get lots of directories named with source IP
> addresses in the /var/log/snort directory.
> I didn't specify to write the alert to syslog, but I checked the syslog as
> well and didn't find any alerts.
> What is your thought?
Have you bothered to configure snort.conf correctly?
It's not enough to just point to it via the command line; it's
necessary to go through snort.conf and edit it to have it do what you
Just a thought...
"You are in a little maze of twisty passages, all different."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5