[Snort-users] 0 byte unified log output

Joel Esler jesler at ...1935...
Mon Apr 29 11:10:50 EDT 2013


On Apr 25, 2013, at 7:37 AM, John Ainsworth <john.ainsworth at ...16258...> wrote:

> Hi
>  
> I'm sure it is something to do with rules. I turned on fastalert and tailed the fastalert file overnight and did finally get some data, but the only alert raised was the one below, repeated lots of times:
>  
> 04/25-09:22:35.816992  [**] [1:24814:2] SNMP Samsung printer default community string [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {UDP}
>  
> I can't believe that is the only attack we would see; we are e-commerce and the app logs are full of people probing to see what they can/can't get into. I have downloaded the latest rule set and updated as directed, but can only detect an SNMP probe.

Has anyone suggested adding "-k none" to your command line in this thread yet?

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
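The "-k none" suggestion above is about Snort's checksum verification: with the default "-k all", a packet whose IP/TCP/UDP checksum does not verify is never handed to the detection engine, so on a sensor that sees traffic with offloaded (not yet computed) checksums the only alerts that survive can be the odd UDP probe, which matches the symptom in the question. The quickest way to confirm that before changing the command line is to look at what the capture interface actually delivers with tcpdump -vv. What follows is an added example written for this page, not code from the thread or from Snort; the tcpdump output embedded in it is constructed to look like a host with TX checksum offload on, and the interface name eth0 and the config path are assumptions.

```shell
#!/bin/sh
# Added example (not from the Snort-users thread). Decide whether Snort needs
# "-k none" by checking a tcpdump -vv sample for checksum failures.

# Constructed sample of `tcpdump -vv -nn -c 200 -i eth0` output (assumed
# interface eth0). Outbound packets carry offloaded, i.e. uncomputed,
# checksums; the inbound SYN-ACK verifies fine.
SAMPLE_TCPDUMP='12:00:01.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.0.5.51234 > 10.0.0.7.80: Flags [S], cksum 0x3a1c (incorrect -> 0x8b2e), seq 1, win 29200, length 0
12:00:01.000201 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.0.7.80 > 10.0.0.5.51234: Flags [S.], cksum 0x9f10 (correct), seq 2, ack 2, win 28960, length 0
12:00:01.000350 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto UDP (17), length 73, bad cksum 0 (->4a1b)!)
    10.0.0.5.4321 > 10.0.0.9.161: [bad udp cksum 0xffff -> 0x1234!] SNMPv1 C="public" GetRequest(25)'

# count_bad_cksum TEXT
# Counts lines in tcpdump -vv output where an IP, TCP or UDP checksum failed.
# tcpdump marks these as "cksum 0x.... (incorrect -> 0x....)" on the transport
# line and "bad cksum ..." / "[bad udp cksum ...]" on IP/UDP lines.
# grep -c prints 0 (and exits 1) when nothing matches, so the "|| :" keeps the
# function's exit status clean without changing its output.
count_bad_cksum() {
    printf '%s\n' "$1" | grep -c -E 'incorrect|bad (udp |tcp )?cksum' || :
}

# recommend_k_flag TEXT
# Prints the Snort checksum-mode flag to use: "-k none" if any checksum
# failures were seen (otherwise Snort silently drops those packets before
# rule evaluation), "-k all" if the capture looks clean.
recommend_k_flag() {
    if [ "$(count_bad_cksum "$1")" -gt 0 ]; then
        echo "-k none"
    else
        echo "-k all"
    fi
}

# Stand-alone run: report the verdict for the constructed sample, then show
# the Snort command line it implies (config path assumed; not executed here).
FLAG=$(recommend_k_flag "$SAMPLE_TCPDUMP")
echo "checksum failures in sample: $(count_bad_cksum "$SAMPLE_TCPDUMP")"
echo "suggested flag: $FLAG"
echo "example: snort -c /etc/snort/snort.conf -i eth0 $FLAG -A fast"
```

If the count is non-zero on a real capture, the root cause is usually checksum offload on the sniffing NIC (visible with `ethtool -k eth0`, assumed interface) when the sensor inspects its own host's traffic or a virtual tap; "-k none" is the sensor-side fix, and disabling the offload is the alternative when you want Snort to keep rejecting genuinely corrupt packets.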