[Snort-users] not write alert file
mkettler at ...4108...
Fri Nov 14 09:08:17 EST 2003
At 03:30 AM 11/14/2003, Hideki Hirata wrote:
># ping (eth0_address in my server) (enter)
># ping (same subnet among other host ipaddress ) (enter)
>/var/log/snort/alert log not write.!!
why would pinging your snort box with a normal ping cause an alert?. did
you add the rules that do this? (by default they are NOT included when
using the default snort.conf).
pinging on your loopback will likely cause alerts because it's address is
127.0.0.1, which is pretty unusual..
pinging a normal machine is pretty normal.. if you logged every such
incident you'd have a pretty noisy sensor.
More information about the Snort-users