[Snort-users] No Alerts Being Generated

Matthew K. Lee mattl at ...12405...
Thu Sep 30 08:03:03 EDT 2004


Everything looks good.  I know that I had a glitch because my snort
password had special characters (i.e. #, $, etc.).  Once I changed the
password, things took off.

I'm out of suggestions.


Matthew Lee

-----Original Message-----
From: Kaplan, Andrew H. [mailto:AHKAPLAN at ...10063...] 
Sent: Thursday, September 30, 2004 9:52 AM
To: Matthew K. Lee
Cc: Snort User Group (E-mail)
Subject: RE: [Snort-users] No Alerts Being Generated

Hi Matthew --

Thank you for your reply, and here are the answers to your questions:

1. The owner/group permissions for /etc/snort are as follows:

drwxr-xr-x root root snort/ <- printout

2. I tried a portscan via NeWT and nothing appeared.

3. When I run the mysql command you mentioned in your e-mail, I am able
   to access the database via the mysql prompt.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Matthew K.
Sent: Wednesday, September 29, 2004 3:47 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] No Alerts Being Generated


1. What are the owner/group permissions of /etc/snort?
2. Have you tried to send it traffic that would trigger a rule?
3. What happens when you do a 'mysql -u snort -p' with snort's password?

Matthew Lee

-----Original Message-----
From: Kaplan, Andrew H. [mailto:AHKAPLAN at ...10063...] 
Sent: Wednesday, September 29, 2004 2:35 PM
To: Snort User Group (E-mail)
Subject: [Snort-users] No Alerts Being Generated

I completed installing snort 2.2.0 (build 30) and have begun running it.
ACID GUI and /var/log/snort/alert files have not shown any alerts
even though the program has been running for over an hour. To verify
there were no syntax errors in the snort.conf file, I ran the following:

snort -c /etc/snort/snort.conf

There were no errors or warnings, and the program appears to be running
properly. Where in snort.conf, and elsewhere, should I check for
configuration mistakes? I have included the snort.conf file here.

