[Snort-users] FW: snort 126.96.36.199 not logging
wkitty42 at ...14940...
Tue Jul 23 12:20:04 EDT 2013

On 7/23/2013 08:52, Maged Shenouda wrote:
> I copied the test rules to local_test.rules and added the local_test.rules to
> snort.conf then restarted snort
> This time it is logging a lot of alerts, so what is wrong with my configurations??

if the only thing you did was to add the local-test.rules and you did not change
anything else in snort.conf, then there is nothing wrong with your configuration...

the "problem" would seem to be that there is no traffic that matches your rules
and so there is nothing for snort to raise an alert about...

snort raises alerts on the local-test.rules because they grab everything and do
not bother to check for content matches... most snort rules check for content
matches and if traffic does not contain the sought content, the rule will not
alert... that is proper operation...

NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
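
Added example, not part of the original message and not the poster's actual local_test.rules: a catch-all rule of the kind the reply describes next to a rule that checks content. The SIDs, messages and the marker string `snort-content-test` are constructed for illustration.

```snort
# Constructed rules for illustration; SIDs are in the local range (>= 1000000).

# Header-only rules: no content option, so any packet that matches the
# protocol/address/port header raises an alert. On a busy link these fire
# constantly, which is why a test rules file produces "a lot of alerts".
alert icmp any any -> any any (msg:"LOCAL TEST any ICMP packet"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"LOCAL TEST any TCP packet to port 80"; sid:1000002; rev:1;)

# Content rule: same header as sid 1000002, but the payload must also contain
# the marker string. Port-80 traffic without that string never triggers it,
# so silence from this rule means "no matching traffic", not "broken config".
alert tcp any any -> any 80 (msg:"LOCAL TEST port 80 payload with marker string"; content:"snort-content-test"; nocase; sid:1000003; rev:1;)
```

With all three loaded, ordinary web traffic raises only sid 1000002; sid 1000003 appears only when a request to port 80 carries the marker string in its payload.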