[Snort-users] not write alert file

Matt Kettler mkettler at ...4108...
Fri Nov 14 09:08:17 EST 2003


At 03:30 AM 11/14/2003, Hideki Hirata wrote:
># ping (eth0_address in my server) (enter)
># ping (same subnet among other host ipaddress ) (enter)
>
>/var/log/snort/alert log not write.!!
>nothing write.

why would pinging your snort box with a normal ping cause an alert?. did 
you add the rules that do this? (by default they are NOT included when 
using the default snort.conf).

pinging on your loopback will likely cause alerts because it's address is 
127.0.0.1, which is pretty unusual..

  pinging a normal machine is pretty normal.. if you logged every such 
incident you'd have a pretty noisy sensor.








More information about the Snort-users mailing list