[Snort-users] Snort only partially alerting.

Frank Calone fc10011001 at ...11827...
Fri Jun 14 15:50:23 EDT 2013


I added the following option to the command line:
-k none

Here is the full command line I'm using:
/usr/sbin/snort -A fast -b -d -D -k none -i em3 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort -G 3

I was hopeful this would fix the alerting; however, it did not.  I had two
alerts today that the new Snort server did not flag.  Any other suggestions
on what to check out next are much appreciated.

Frank

On Wed, Jun 12, 2013 at 9:16 PM, Joel Esler <jesler at ...1935...> wrote:

>   On Jun 12, 2013, at 11:33 AM, Frank Calone <fc10011001 at ...11827...> wrote:
>
> Snort on the appliance alerted but Snort on the server did not.
>
>
> Dear Frank,
>
> Thanks for your email.  I believe you will find what you are looking for
> here:
> https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md
>
> --
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
>