[Snort-users] snort not catching any packets

Robert W rwawrig at ...131...
Fri Apr 26 04:31:58 EDT 2013


I'm new to snort, so probably I'm missing something obvious.
I'm running snort with output unified2 and barnyard2 which is saving to mysql, and snorby as front-end.
Snort is not catching anything with only the rules enabled (snort.conf -> Step #7: Customize your rule set). The "merged.log" unified2 file stays at 0 bytes.
If I enable decoder and preprocessor event rules (#Step 8) then it starts catching events, but they are coming up as Snort Alert [xxx:y:z]. The alerts are not mapped to names.

Also barnyard is giving this message:
[Event: 1] with [gid: 120] [sid: 3] [rev: 1] [classification: 2] [priority: 3] was not found in barnyard2 signature cache, this could lead to display inconsistency. To prevent this warning, make sure that your sid-msg.map and gen-msg.map files are up to date with the snort process logging to the spool file.

I've checked again and again all the conf files and the variables, all point to the correct sid-msg.map and gen-msg.map.

Any idea what may be wrong?
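A quick way to check the "not found in barnyard2 signature cache" warning offline is to parse the two map files the same way barnyard2 does and look the reported gid/sid up. The script below is an added diagnostic, not code from the original post or from the Snort/barnyard2 projects. It relies on the documented map layouts (gen-msg.map: `gid || sid || msg`; sid-msg.map v1: `sid || msg || ref...`; sid-msg.map v2, first line `#v2`: `gid || sid || rev || classification || priority || msg || ref...`). The map contents embedded in it are constructed samples, and the assumption that the cache is keyed on (gid, sid), with rev only informational, is mine.

```python
"""Resolve Snort events against sid-msg.map / gen-msg.map (added diagnostic).

Not part of the original post or of Snort/barnyard2. Sample map contents are
constructed; the (gid, sid) keying is an assumption about barnyard2's cache.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample gen-msg.map (decoder/preprocessor events, gid != 1).
# Note: it deliberately lacks gid 120 / sid 3, the event from the post.
GEN_MSG_MAP = """\
# gen-msg.map -- constructed sample
116 || 1 || snort_decoder: WARNING: example decoder message
120 || 1 || http_inspect: EXAMPLE PREPROCESSOR MESSAGE ONE
"""

# Constructed sample sid-msg.map, v1 layout (rule events, implicit gid 1).
SID_MSG_MAP_V1 = """\
1000001 || LOCAL example rule one || url,example.invalid
1000002 || LOCAL example rule two
"""

# Constructed sample sid-msg.map, v2 layout (explicit gid and rev per entry).
SID_MSG_MAP_V2 = """\
#v2
1 || 1000001 || 2 || misc-activity || 3 || LOCAL example rule one || url,example.invalid
120 || 3 || 1 || unknown || 3 || http_inspect: EXAMPLE PREPROCESSOR MESSAGE THREE
"""


@dataclass
class SigInfo:
    gid: int
    sid: int
    rev: Optional[int]  # None when the map format does not carry a rev
    msg: str


def _fields(line: str):
    return [f.strip() for f in line.split("||")]


def parse_gen_msg_map(text: str) -> Dict[Tuple[int, int], SigInfo]:
    """gen-msg.map: gid || sid || msg (comments and blank lines ignored)."""
    cache: Dict[Tuple[int, int], SigInfo] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = _fields(line)
        if len(f) < 3:
            raise ValueError(f"malformed gen-msg.map line: {raw!r}")
        gid, sid = int(f[0]), int(f[1])
        cache[(gid, sid)] = SigInfo(gid, sid, None, f[2])
    return cache


def parse_sid_msg_map(text: str) -> Dict[Tuple[int, int], SigInfo]:
    """sid-msg.map, autodetecting v1 (sid || msg ...) vs v2 (#v2 header)."""
    lines = text.splitlines()
    v2 = bool(lines) and lines[0].strip().lower() == "#v2"
    cache: Dict[Tuple[int, int], SigInfo] = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = _fields(line)
        if v2:
            if len(f) < 6:
                raise ValueError(f"malformed v2 sid-msg.map line: {raw!r}")
            gid, sid, rev, msg = int(f[0]), int(f[1]), int(f[2]), f[5]
        else:
            if len(f) < 2:
                raise ValueError(f"malformed v1 sid-msg.map line: {raw!r}")
            gid, sid, rev, msg = 1, int(f[0]), None, f[1]  # v1 has no gid column
        cache[(gid, sid)] = SigInfo(gid, sid, rev, msg)
    return cache


def load_signature_cache(gen_text: str, sid_text: str) -> Dict[Tuple[int, int], SigInfo]:
    cache = parse_gen_msg_map(gen_text)
    cache.update(parse_sid_msg_map(sid_text))  # sid-msg.map entries win on collision
    return cache


def resolve_event(cache, gid: int, sid: int, rev: int) -> Tuple[str, str]:
    """Return (status, detail): 'ok', 'rev_mismatch' or 'not_found'."""
    info = cache.get((gid, sid))
    if info is None:
        expected = "sid-msg.map" if gid == 1 else "gen-msg.map (or a v2 sid-msg.map)"
        return ("not_found",
                f"[gid: {gid}] [sid: {sid}] [rev: {rev}] has no entry; "
                f"the running snort's copy of {expected} should list it")
    if info.rev is not None and info.rev != rev:
        return ("rev_mismatch",
                f"map rev {info.rev} != event rev {rev} for {info.msg!r}; map is stale")
    return ("ok", info.msg)


if __name__ == "__main__":
    # The event from the barnyard2 warning in the post: gid 120, sid 3, rev 1.
    for label, sid_map in (("v1 sid-msg.map", SID_MSG_MAP_V1), ("v2 sid-msg.map", SID_MSG_MAP_V2)):
        cache = load_signature_cache(GEN_MSG_MAP, sid_map)
        print(label, "->", resolve_event(cache, 120, 3, 1))
```

Run it against the real files by replacing the embedded samples with `open(path).read()`; a `not_found` result for an event that snort is clearly emitting means the map files barnyard2 loads are not the ones generated from the rule set the running snort process uses.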

