[Snort-users] snort not generating lots of alerts

firewalZ firewalz at ...11827...
Sat May 29 08:59:59 EDT 2010


Try running snort from the command line to display packets (like
tcpdump). Make sure to sniff from the same interface you are using in
snort.conf, and make sure you see bidirectional traffic.
Also, make sure you uncomment the rule categories you want to use. I
think it's near the bottom of snort.conf. I believe there is an icmp
rule set that is noisy.



On Thu, May 27, 2010 at 3:54 PM, Pedro Marinho <pppmarinho at ...11827...> wrote:
>
> Hello gentlemen,
>
> I would like to ask if someone could post a snort.conf example for a sensor
> that monitors a Microsoft Windows environment. I think something is wrong
> with my sensors. I don't know if it is because I have 2 or more instances
> of snort running or maybe some misconfiguration.
>
> I would be very thankful for some help.
>
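
The two checks suggested in the reply above, as an added example that is not part of the original message: list which rule categories a snort.conf enables or leaves commented out, and read back the interface it names so the sniff test uses the same one. It assumes a Snort 2.x-style config with `include $RULE_PATH/<name>.rules` lines and an optional `config interface:` directive; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Snort 2.x snort.conf before blaming the sensor.

# Constructed sample config (not from the thread); writes it to $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
var RULE_PATH /etc/snort/rules
config interface: eth1
include classification.config
include $RULE_PATH/local.rules
include $RULE_PATH/netbios.rules
# include $RULE_PATH/icmp.rules
#include $RULE_PATH/icmp-info.rules
# include $RULE_PATH/web-iis.rules
EOF
}

# Print "enabled <file>" or "disabled <file>" for every .rules include in $1.
rule_includes() {
    sed -n -E \
        -e 's/^[[:space:]]*include[[:space:]]+([^[:space:]#]+\.rules).*$/enabled \1/p' \
        -e 's/^[[:space:]]*#+[[:space:]]*include[[:space:]]+([^[:space:]#]+\.rules).*$/disabled \1/p' \
        "$1"
}

# Count the rule includes in $1 that are in state $2 (enabled|disabled).
count_state() {
    rule_includes "$1" | awk -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# Print the interface set by "config interface:" in $1 (empty if not set).
conf_interface() {
    sed -n -E 's/^[[:space:]]*config[[:space:]]+interface:[[:space:]]*([^[:space:]#]+).*$/\1/p' "$1" | head -n 1
}

conf=$(mktemp)
write_sample_conf "$conf"
rule_includes "$conf"
echo "enabled: $(count_state "$conf" enabled)  disabled: $(count_state "$conf" disabled)"
iface=$(conf_interface "$conf")
# Commands to run by hand next: sniffer mode on that interface, then a config test.
echo "sniff check: snort -v -i ${iface:-<interface>}"
echo "config test: snort -T -c <path to snort.conf>"
rm -f "$conf"
```

If `config interface:` is absent, the interface comes from the `-i` option each running snort instance was started with, so compare that value instead.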



