[Snort-users] possible Snort 2.0 bug

Shoshin shoshin66 at ...125...
Fri May 9 05:58:13 EDT 2003


- if I just do LOGGING MODE it works, logging all traffic:
 #snort -vdl /var/log/snort

- if I do IDS MODE it doesn't log any traffic:
 #snort -vdl /var/log/snort -c /etc/snort/snort.conf

** but if I add an alert test rule to snort.conf (alert tcp any any -> any any)
 and run the same IDS MODE command, then it creates log files and adds to the alert file!

So what is wrong with IDS MODE? It should be logging traffic even if there are no alerts.