[Snort-users] SNORT Installed properly But not Logging alerts

Dustin Webber dustin.webber at ...11827...
Wed Feb 20 11:04:48 EST 2013


You are using -T which I believe is test mode. So getting an exit status is expected behavior.

On Feb 20, 2013, at 9:55 AM, ARUN PUSHKAR <arunpushkar at ...11827...> wrote:

> I have installed Snort, and after installation, when I run the following:
> sudo snort -c /usr/local/snort/etc/snort.conf --dump-dynamic-rules=/usr/local/snort/so_rules
> 
> I get:
> 
> Finished dumping dynamic rules.
> 
> Snort exiting 
> 
> When I run this:
> 
> sudo snort -c /usr/local/snort/etc/snort.conf -T -l /var/log/snort
> 
> I get:
> Snort successfully validated the configuration!
> Snort exiting
> When I run:
> /usr/local/snort/bin/snort -i eth0
> I can see traffic, but when I use 'curl http://testmyids.com' to test the Snort installation, it does not give any alert in the unified2 file, which is being logged in /var/log/snort
> The Snort config file has this line for logging to the unified file:
> output unified2: filename unified.snort.alert, limit 128
> 
> And for starting Snort I am using:
> 
> sudo snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -i eth0
> 
> Everything seems to be right, but why is it not logging alerts?
> 
> 
> 
> 
> -- 
> Arun Pushkar
> 09043404301