[Snort-users] Empty output (unified) files

Joel Esler jesler at ...1935...
Thu Mar 22 09:19:42 EDT 2012


Please post your Snort command line and contents of the snort.conf. 

-- 
Joel Esler

On Mar 22, 2012, at 8:49 AM, Alojzy Kleks <testing4tester at ...14432...> wrote:

> Hi all,
> 
> I've installed snort on Ubuntu using the official documentation on the Snort website (except installing a reporting tool, as I'm using snorby). When installation was completed, I wanted to test it. To my big surprise, snort is creating unified output files, but they're empty. I was testing using nmap with intense scanning (including both TCP and UDP) as well as LOIC, but all the files have a size of zero. When I redirect output to -A console, I can clearly see the packets, also when I cancel the snort process, in the summary I can clearly find statistics, but still nothing can be found in the files.
> Any tips and tricks will be highly appreciated.