[Snort-users] Snort on Windows not Alerting

afischer at ...13701... afischer at ...13701...
Fri Feb 10 09:04:02 EST 2006

I've seen one or two posts on the net with someone having the same
problem that I am experiencing, but no replies. So hopefully I have
better luck here! :)

I have installed Snort version 2.4.3 on a Windows XP Professional box
and cannot seem to get it to alert. I have also installed Ethereal
version 0.10.14 which installs WinPcap version 3.1.

I can start Snort from a command line by typing the following from the
C:\Snort\bin directory:

    snort.exe -c "C:\Snort\etc\snort.conf" -K ascii -l "C:\Snort\log" -A full -I 4 -d -e -X

When I stop Snort, I can see in the statistics that Snort has seen
traffic, and I can run Snort in verbose mode and watch packets fly by, so
I'm confident that Snort is actually seeing the traffic that I am
sending; it's just not alerting on anything, because when I go into the
C:\Snort\log directory, there's nothing there even though I have rules
enabled and put rules in the C:\Snort\rules directory.

Any thoughts? I can provide my snort.conf file. Can I send attachments
to the mailing list or do I have to paste the contents into the body?

Anthony Fischer
