[Snort-users] Snort not logging alerts.

Lyndon Tiu ltiu at ...12200...
Thu Jul 29 11:49:01 EDT 2004


Hello, 
 
I've googled to no avail. 
 
I am wondering if you guys can help. 
 
I have the latest snort installed, 2.1.3 from snort.org. I compiled and 
installed it. 
 
I have the rules installed under /usr/local/etc/snort/rules. 
I have /usr/local/etc/snort/snort.conf configured. 
 
I start snort: 
 
/usr/local/bin/snort -dev -i eth1 -c /usr/local/etc/snort/snort.conf 
 
Snort starts up fine, but when I send it a Code Red HTTP request: 
 
All I get are: 
 
Rule application order: ->activation->dynamic->alert->pass->log 
 
        --== Initialization Complete ==-- 
 
-*> Snort! <*- 
Version 2.1.0 (Build 9) 
By Martin Roesch (roesch at ...1935..., www.snort.org) 
07/29-11:44:42.071614 0:10:A4:89:A9:12 -> 0:A0:24:CC:5E:FC type:0x800 
len:0x4A 
192.168.0.2:32806 -> 192.168.0.1:80 TCP TTL:64 TOS:0x0 ID:6238 IpLen:20 
DgmLen:60 DF 
******S* Seq: 0xC4AB409B  Ack: 0x0  Win: 0x16D0  TcpLen: 40 
TCP Options (5) => MSS: 1460 SackOK TS: 612549 0 NOP WS: 0 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
 
07/29-11:44:42.071780 0:A0:24:CC:5E:FC -> 0:10:A4:89:A9:12 type:0x800 
len:0x36 
192.168.0.1:80 -> 192.168.0.2:32806 TCP TTL:64 TOS:0x0 ID:1138 IpLen:20 
DgmLen:40 DF 
***A*R** Seq: 0x0  Ack: 0xC4AB409C  Win: 0x0  TcpLen: 20 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
 
 
I am not getting any alerts as expected!! 
 
 
What am I missing? 
 
 
Thanks for any tips. 
 
 
-- 
Lyndon Tiu 



