[Snort-users] 0 byte unified log output

James Lay jlay at ...13475...
Thu Apr 25 10:12:00 EDT 2013


On 2013-04-25 05:37, John Ainsworth wrote:
> Hi
>
> I'm sure it is something to do with rules. I turned on fastalert and
> tailed the fastalert file over night and did finally get some data, but
> the only alert raised was the one below, repeated lots of times:
>
> 04/25-09:22:35.816992 [**] [1:24814:2] SNMP Samsung printer default community string [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {UDP}
>
> I can't believe that is the only attack we would see; we are e-commerce
> and app logs are full of people probing to see what they can/can't get
> into. I have downloaded the latest rule set and updated as directed
> but can only detect an SNMP probe.
>
> Thanks
>
> John
>

John,

Can you post say the first 40 lines of your snort.conf?  I'd like to 
see the variables you have defined.  Thanks.

James
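Added here as an illustration, not part of the original thread: a small parser for the Snort `alert_fast` line format quoted above, with a per-SID tally that makes the "only one alert, repeated lots of times" situation visible at a glance. The sample lines are constructed (the first is the one quoted in the thread, which lacks the endpoint pair; the others use RFC 5737 documentation addresses and a local-range SID).

```python
import re
from collections import Counter

# alert_fast record: <ts> [**] [gid:sid:rev] <msg> [**] [Classification: ...]
# [Priority: n] {PROTO} src -> dst. Classification, priority and endpoints are
# optional here: the quoted line ends at {UDP}, and local rules may lack classtype.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?"
    r"(?:\s+\[Priority:\s+(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}"
    r"(?:\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+))?\s*$"
)

def parse_fast_alert(line):
    # Return a dict of fields, or None when the line is not an alert_fast record.
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"], "gid": int(d["gid"]), "sid": int(d["sid"]),
        "rev": int(d["rev"]), "msg": d["msg"], "classification": d["cls"],
        "priority": int(d["prio"]) if d["prio"] else None,
        "proto": d["proto"], "src": d["src"], "dst": d["dst"],
    }

def summarize(lines):
    # Count alerts per (gid, sid, msg) and report how many lines did not parse.
    counts, unparsed = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fast_alert(line)
        if rec is None:
            unparsed += 1
        else:
            counts[(rec["gid"], rec["sid"], rec["msg"])] += 1
    return counts, unparsed

# Constructed sample input (see lead-in); the last entry is deliberately not an alert.
SAMPLE_LINES = [
    "04/25-09:22:35.816992 [**] [1:24814:2] SNMP Samsung printer default community string [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {UDP}",
    "04/25-09:22:36.100000 [**] [1:24814:2] SNMP Samsung printer default community string [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {UDP} 192.0.2.10:51234 -> 198.51.100.5:161",
    "04/25-09:22:37.000000 [**] [1:1000001:1] LOCAL constructed test rule [**] [Priority: 3] {TCP} 192.0.2.11:40000 -> 198.51.100.7:80",
    "not an alert line at all",
]
```

Run `summarize()` over the real `alert` file to see the rule mix; a tally dominated by a single SID, alongside an empty unified log, points at the rule set or variables actually loaded rather than at the output plugin.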



