[Snort-users] No alerts

Bill McCarty bmccarty at ...5196...
Mon Mar 25 12:31:53 EST 2002


I downloaded and compiled Snort 1.8.4, replacing the 1.8.3-5 RPM version. 
It runs and logs fine, but doesn't generate alerts -- I don't mean SMB 
alerts, just plain Fast and Full alerts. However, switching back to the old 
binary -- without otherwise tweaking the configuration -- yields alerts 
once again.

I don't find any compile-time configuration options necessary to support 
alerts. But, perhaps I missed one.

Does 1.8.4 require command-line specification of alert-related options that 
could previously be specified in snort.conf?

The invocation is:

        daemon /usr/sbin/snort \
          -D \
          -c $CDIR \
          -i $INTERFACE \
          -l $DIRBASE/$WEEK/$DATE \
          -u $USER \
          -h $HOMENET

and snort.conf has:

        output alert_syslog: LOG_LOCAL1 LOG_INFO
        output log_tcpdump: snort.log
        output alert_full: /space1/snort/snort-full
        output alert_fast: /space1/snort/snort-fast

Q: What am I missing?

---------------------------------------------------
Bill McCarty



