[Snort-users] Not getting alerts in "alert" file.

Shields, Joseph (NIH/NIEHS) [C] joseph.shields at ...7983...
Tue Apr 30 14:14:23 EDT 2013


Hi. I am not sure if my running two snort processes (each monitoring a different network interface) is causing the alerts to NOT show up in the alert file. When I first started up the snort process, I got alerts in the alert file. Then on the next day I noticed no new alerts, yet I was getting snort.log.nnnn binary log captures. I have restarted the snort process monitoring the em3 interface several times since I first got Snort running on Apr 15. It looks like the alert file gets archived each morning and gzipped. I don't know what is going wrong and am hoping someone has an idea of what is misconfigured. Below is a screenshot of the alert files I have as well as how I am starting the two snort monitoring processes. The first process noted below has been generating log files (see second screenshot below) on interface em3. I believe the em2 interface is supposed to be a backup link in the event the network line being tapped by em3 has an issue such that traffic gets rerouted through the line being monitored by em2. Thanks for the help!

Brian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 55641 bytes
Desc: image001.png
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130430/b2a0cfbb/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 49931 bytes
Desc: image002.png
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130430/b2a0cfbb/attachment-0001.png>

