[Snort-users] Generating alert when reading tcpdump file

xun wang xuntwang at ...125...
Thu Jul 4 11:54:02 EDT 2002

Yes, I believe I configured the snort.conf file correctly. All the rules 
downloaded from snort.org are included in the snort.conf file and HOME_NET 
was set. I used the command line switch -h speicfying the home_net as well.

Where did I do wrong?

>From: John Sage <jsage at ...2022...>
>To: xun wang <xuntwang at ...125...>
>CC: andrewb at ...950..., snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] Generating alert when reading tcpdump file
>Date: Thu, 4 Jul 2002 11:05:22 -0700
>On Thu, Jul 04, 2002 at 09:29:59AM -0400, xun wang wrote:
> > Thanks for your prompt response.
> > Actually I realized that I should specify the rules for snort to be able 
> > trigger alert. But when I tried the "-c /path/snort.conf", I won't get
> > anything except an empty alert file. When I removed this switch from my
> > command, at least I could get lots of directory named with source IP
> > addresses in the /var/log/snort directory.
> >
> > I didn't specify to write the alert to syslog, but I check the syslog as
> > well and didn't find any alert.
> >
> > What is your thought?
>Have you bothered to configure snort.conf correctly?
>It's not enough to just point to it via the command line, it's
>necessary to go through snort.conf and edit it to have it do what you
>Just a thought...
>- John
>"You are in a little maze of twisty passages, all different."
>PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
>Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
>This sf.net email is sponsored by:ThinkGeek
>Caffeinated soap. No kidding.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

MSN Photos is the easiest way to share and print your photos: 

More information about the Snort-users mailing list