[Snort-users] FW: snort not logging

Maged Shenouda maged67 at ...125...
Tue Jul 23 12:29:52 EDT 2013

Thanks for the feedback, so all those rules files that are included in the /snort/rules and those that are included in the snort.conf are not alerting any suspecious traffic? wow my system must be very secure and not attracting any one?

> Date: Tue, 23 Jul 2013 12:20:04 -0400
> From: wkitty42 at ...14940...
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] FW:  snort not logging
> On 7/23/2013 08:52, Maged Shenouda wrote:
> >
> > I copied the test rules to local_test.rules and added the local_test.rules to
> > snort.conf then restarted snort
> > This time it is logging a lot of alerts, so what is wrong with my configurations??
> if the only thing you did was to add the local-test.rules and you did not change 
> anything else in snort.conf, then there is nothing wrong with your configuration...
> the "problem" would seem to be that there is not traffic that matches your rules 
> and so there is nothing for snort to raise an alert about...
> snort raises alerts on the local-test.rules because they grab everything and do 
> not bother to check for content matches... most snort rules check for content 
> matches and if traffic does not contain the sought content, the rule will not 
> alert... that is proper operation...
> -- 
> NOTE: No off-list assistance is given without prior approval.
>        Please keep mailing list traffic on the list unless
>        private contact is specifically requested and granted.
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130723/9abaeb98/attachment.html>

More information about the Snort-users mailing list