[Snort-users] No data and alarm log

Xiaoxu Huang xhuang at ...10346...
Thu Jun 6 11:08:29 EDT 2013


James,

You are correct. 

We ran Snort from yesterday to this morning and we got the alarm
messages.

Thanks for the help and best regards,

Xiaoxu 



-----Original Message-----
From: James Lay [mailto:jlay at ...13475...] 
Sent: Wednesday, June 05, 2013 7:56 AM
To: Snort
Subject: Re: [Snort-users] No data and alarm log


On Jun 4, 2013, at 6:51 PM, Xiaoxu Huang <xhuang at ...10346...> wrote:

> James,
> 
> Thanks for the help.
> 
> Please see the following.
> 
> Best Regards,
> 
> Xiaoxu
> 
> snort -A fast -l /var/log/snort -c /etc/snort/snort.conf
> Running in IDS mode
> 
>        --== Initializing Snort ==--
> 
> ===============================================================================
> Run time for packet processing was 68.6272 seconds
> Snort processed 135 packets.
> Snort ran for 0 days 0 hours 1 minutes 8 seconds
>   Pkts/min:          135
>   Pkts/sec:            1
> ===============================================================================
> Packet I/O Totals:
>   Received:          135
>   Analyzed:          135 (100.000%)
>    Dropped:            0 (  0.000%)
>   Filtered:            0 (  0.000%)
> Outstanding:            0 (  0.000%)
>   Injected:            0


Ok, that looks good. It looks like you didn't have any behaviors that caused
the IDS to fire off (not a surprise for only 135 packets ;)).  Let it run
for a day and see how it goes :)

James