[Snort-users] Generating alert when reading tcpdump file

John Sage jsage at ...2022...
Thu Jul 4 11:06:07 EDT 2002


On Thu, Jul 04, 2002 at 09:29:59AM -0400, xun wang wrote:
> Thanks for your prompt response.
> Actually I realized that I should specify the rules for snort to be able to 
> trigger alerts. But when I tried the "-c /path/snort.conf", I won't get 
> anything except an empty alert file. When I removed this switch from my 
> command, at least I could get lots of directories named with source IP 
> addresses in the /var/log/snort directory.
> 
> I didn't specify to write the alerts to syslog, but I checked the syslog as 
> well and didn't find any alert.
> 
> What is your thought?

Have you bothered to configure snort.conf correctly?

It's not enough to just point to it via the command line, it's
necessary to go through snort.conf and edit it to have it do what you
want.


Just a thought...


- John
-- 
"You are in a little maze of twisty passages, all different."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 
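A minimal snort.conf of the kind John is pointing at, added here as an illustration and not taken from the original thread; the network value, the rules path and the test rule are assumptions. The point it shows: when -c is given, Snort only alerts on what the loaded rules match, so a config that includes no rules reads the whole capture and leaves the alert file empty, which is the symptom xun wang describes.

```conf
# Minimal snort.conf (added example; all paths and values are assumptions)

# Networks the rules refer to; adjust HOME_NET to your own address range
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET

# Assumed location of the rules files shipped with Snort
var RULE_PATH /etc/snort/rules

# One-line alerts go to <logdir>/alert, the file the poster found empty
output alert_fast: alert

# Rules are what produce alerts: with no include and no inline rule,
# snort -c reads the capture and alerts on nothing
include $RULE_PATH/icmp.rules

# A local rule that fires on an ICMP echo request, useful to confirm the
# capture really is being matched before trusting the full rule set
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request seen"; itype:8; sid:1000001; rev:1;)
```

Point Snort at the capture and this file with `snort -r capture.pcap -c /path/snort.conf -l /var/log/snort`; if the alert file is still empty, check Snort's startup output for the count of rules read to confirm the includes actually loaded.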