[Snort-users] I don't get any alerts when reading from file.

dimopoulos at ...12202... dimopoulos at ...12202...
Fri Jul 30 03:01:29 EDT 2004


Hullo.

I'm using snort 2.1.3 on Windows 2000 SP4, on a 1.5 GHz Pentium 4
processor with 512 MB and have libcap 3.0. For the past days I've been
trying in vain to get snort to read from a file and log the alerts, yet
nothing happens.

I've edited snort.conf to include all the rule files and set all
addresses to 'any'. For a typical execution I use:

    snort.exe -c snort.conf -r test.txt

(test.txt is a random tcp dump file I have created using Ethereal, and
every packet in the file contains a signature.)

I can see that the rules are read successfully from the '.rule' files:

"2060 Snort rules read...
2060 Option Chains linked into 254 Chain Headers"

In the results section the "Breakdown by protocol:" is correct but the
actions are all 0 (alerts=0, logged=0, passed=0). When I use -vd I can see
the header and the data of the packets are all ok (and should generate
alerts). I've tried the various -A switches, no change.

After reading both the manual and the FAQ I still haven't found anything.
Am I blind and have missed something obvious?

Any help will be deeply appreciated and will help spare what little hair
I haven't torn off my scalp yet!! Thanks!







