[Snort-users] @empty rules files

anagha b banagha3 at ...11827...
Mon Nov 18 02:29:29 EST 2013


Hi waldo ,

I have read a lot of blogs about this empty log file problem and tried different solutions,
but nothing is working.

The rules directory has 121 items and is 15.2 MB in size.

List of rules in /snort/rules directory

total 15132

drwxr-xr-x 2 root root 4096 Nov 14 16:52 .

drwxr-xr-x 11 root root 4096 Oct 30 12:34 ..

-rw-r--r-- 1 root root 36103 Sep 26 20:27 app-detect.rules

-rw-r--r-- 1 root root 1061 May 7 2013 attack-responses.rules

-rw-r--r-- 1 root root 1037 May 7 2013 backdoor.rules

-rw-r--r-- 1 root root 1046 May 7 2013 bad-traffic.rules

-rw-r--r-- 1 root root 0 Oct 30 12:37 black_list.rules

-rw-r--r-- 1 root root 717567 Sep 26 20:27 blacklist.rules

-rw-r--r-- 1 root root 1043 May 7 2013 botnet-cnc.rules

-rw-r--r-- 1 root root 7045 Sep 26 20:27 browser-chrome.rules

-rw-r--r-- 1 root root 76227 Sep 26 20:27 browser-firefox.rules

-rw-r--r-- 1 root root 320270 Sep 26 20:27 browser-ie.rules

-rw-r--r-- 1 root root 11676 Sep 26 20:27 browser-other.rules

-rw-r--r-- 1 root root 1242764 Sep 26 20:27 browser-plugins.rules

-rw-r--r-- 1 root root 26204 Sep 26 20:27 browser-webkit.rules

-rw-r--r-- 1 root root 1025 May 7 2013 chat.rules

-rw-r--r-- 1 root root 8762 Sep 26 20:27 content-replace.rules

-rw-r--r-- 1 root root 1025 May 7 2013 ddos.rules

-rw-r--r-- 1 root root 6299609 Sep 26 20:27 deleted.rules

-rw-r--r-- 1 root root 1022 Jun 20 04:00 dns.rules

-rw-r--r-- 1 root root 1438 Sep 26 20:27 dos.rules

-rw-r--r-- 1 root root 1049 May 7 2013 experimental.rules

-rw-r--r-- 1 root root 288828 Sep 26 20:27 exploit-kit.rules

-rw-r--r-- 1 root root 1034 May 7 2013 exploit.rules

-rw-r--r-- 1 root root 22576 Sep 26 20:27 file-executable.rules

-rw-r--r-- 1 root root 134155 Sep 26 20:27 file-flash.rules

-rw-r--r-- 1 root root 400777 Sep 26 20:27 file-identify.rules

-rw-r--r-- 1 root root 75578 Sep 26 20:27 file-image.rules

-rw-r--r-- 1 root root 80499 Sep 26 20:27 file-java.rules

-rw-r--r-- 1 root root 125191 Sep 26 20:27 file-multimedia.rules

-rw-r--r-- 1 root root 356913 Sep 26 20:27 file-office.rules

-rw-r--r-- 1 root root 216984 Sep 26 20:27 file-other.rules

-rw-r--r-- 1 root root 157042 Sep 26 20:27 file-pdf.rules

-rw-r--r-- 1 root root 1031 May 7 2013 finger.rules

-rw-r--r-- 1 root root 1022 May 7 2013 ftp.rules

-rw-r--r-- 1 root root 1040 May 7 2013 icmp-info.rules

-rw-r--r-- 1 root root 1025 May 7 2013 icmp.rules

-rw-r--r-- 1 root root 1025 May 7 2013 imap.rules

-rw-r--r-- 1 root root 82126 Sep 26 20:27 indicator-compromise.rules

-rw-r--r-- 1 root root 48167 Sep 26 20:27 indicator-obfuscation.rules

-rw-r--r-- 1 root root 9245 Sep 26 20:27 indicator-scan.rules

-rw-r--r-- 1 root root 42647 Sep 26 20:27 indicator-shellcode.rules

-rw-r--r-- 1 root root 1025 May 7 2013 info.rules

-rw-r--r-- 1 root root 1283 Nov 14 16:52 local.rules

-rw-r--r-- 1 root root 1269 Nov 14 16:44 local.rules~

-rw-r--r-- 1 root root 274417 Sep 26 20:27 malware-backdoor.rules

-rw-r--r-- 1 root root 821907 Sep 26 20:27 malware-cnc.rules

-rw-r--r-- 1 root root 248963 Sep 26 20:27 malware-other.rules

-rw-r--r-- 1 root root 56691 Sep 26 20:27 malware-tools.rules

-rw-r--r-- 1 root root 1025 May 7 2013 misc.rules

-rw-r--r-- 1 root root 1043 May 7 2013 multimedia.rules

-rw-r--r-- 1 root root 163 Nov 14 12:43 myrules~

-rw-r--r-- 1 root root 164 Nov 14 16:34 myrules.rules

-rw-r--r-- 1 root root 163 Nov 14 16:02 myrules.rules~

-rw-r--r-- 1 root root 1028 May 7 2013 mysql.rules

-rw-r--r-- 1 root root 130162 Sep 26 20:27 netbios.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 nntp.rules

-rw-r--r-- 1 root root 1031 May 7 2013 oracle.rules

-rw-r--r-- 1 root root 7640 Sep 26 20:27 os-linux.rules

-rw-r--r-- 1 root root 45643 Sep 26 20:27 os-mobile.rules

-rw-r--r-- 1 root root 4233 Sep 26 20:27 os-other.rules

-rw-r--r-- 1 root root 4635 Sep 26 20:27 os-solaris.rules

-rw-r--r-- 1 root root 303927 Sep 26 20:27 os-windows.rules

-rw-r--r-- 1 root root 1040 May 7 2013 other-ids.rules

-rw-r--r-- 1 root root 1022 May 7 2013 p2p.rules

-rw-r--r-- 1 root root 1052 May 7 2013 phishing-spam.rules

-rw-r--r-- 1 root root 3096 Sep 26 20:27 policy-multimedia.rules

-rw-r--r-- 1 root root 24856 Sep 26 20:27 policy-other.rules

-rw-r--r-- 1 root root 1031 May 7 2013 policy.rules

-rw-r--r-- 1 root root 25911 Sep 26 20:27 policy-social.rules

-rw-r--r-- 1 root root 63562 Sep 26 20:27 policy-spam.rules

-rw-r--r-- 1 root root 1025 May 7 2013 pop2.rules

-rw-r--r-- 1 root root 1025 May 7 2013 pop3.rules

-rw-r--r-- 1 root root 13947 Sep 26 20:27 protocol-dns.rules

-rw-r--r-- 1 root root 4514 Sep 26 20:27 protocol-finger.rules

-rw-r--r-- 1 root root 38511 Sep 26 20:27 protocol-ftp.rules

-rw-r--r-- 1 root root 30647 Sep 26 20:27 protocol-icmp.rules

-rw-r--r-- 1 root root 20971 Sep 26 20:27 protocol-imap.rules

-rw-r--r-- 1 root root 5617 Sep 26 20:27 protocol-nntp.rules

-rw-r--r-- 1 root root 9110 Sep 26 20:27 protocol-pop.rules

-rw-r--r-- 1 root root 95127 Sep 26 20:27 protocol-rpc.rules

-rw-r--r-- 1 root root 71992 Sep 26 20:27 protocol-scada.rules

-rw-r--r-- 1 root root 5179 Sep 26 20:27 protocol-services.rules

-rw-r--r-- 1 root root 7945 Sep 26 20:27 protocol-snmp.rules

-rw-r--r-- 1 root root 10500 Sep 26 20:27 protocol-telnet.rules

-rw-r--r-- 1 root root 7280 Sep 26 20:27 protocol-tftp.rules

-rw-r--r-- 1 root root 97972 Sep 26 20:27 protocol-voip.rules

-rw-r--r-- 1 root root 334624 Sep 26 20:27 pua-adware.rules

-rw-r--r-- 1 root root 10324 Sep 26 20:27 pua-other.rules

-rw-r--r-- 1 root root 8203 Sep 26 20:27 pua-p2p.rules

-rw-r--r-- 1 root root 91850 Sep 26 20:27 pua-toolbars.rules

-rw-r--r-- 1 root root 1022 Jun 20 04:00 rpc.rules

-rw-r--r-- 1 root root 1040 May 7 2013 rservices.rules

-rw-r--r-- 1 root root 1028 Jun 20 04:00 scada.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 scan.rules

-rw-r--r-- 1 root root 34123 Sep 26 20:27 server-apache.rules

-rw-r--r-- 1 root root 73478 Sep 26 20:27 server-iis.rules

-rw-r--r-- 1 root root 61193 Sep 26 20:27 server-mail.rules

-rw-r--r-- 1 root root 28734 Sep 26 20:27 server-mssql.rules

-rw-r--r-- 1 root root 28112 Sep 26 20:27 server-mysql.rules

-rw-r--r-- 1 root root 235805 Sep 26 20:27 server-oracle.rules

-rw-r--r-- 1 root root 351306 Sep 26 20:27 server-other.rules

-rw-r--r-- 1 root root 14062 Sep 26 20:27 server-samba.rules

-rw-r--r-- 1 root root 582043 Sep 26 20:27 server-webapp.rules

-rw-r--r-- 1 root root 1040 May 7 2013 shellcode.rules

-rw-r--r-- 1 root root 1025 May 7 2013 smtp.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 snmp.rules

-rw-r--r-- 1 root root 1061 May 7 2013 specific-threats.rules

-rw-r--r-- 1 root root 1046 May 7 2013 spyware-put.rules

-rw-r--r-- 1 root root 30933 Sep 26 20:27 sql.rules

-rw-r--r-- 1 root root 1031 Jun 20 04:00 telnet.rules

-rw-r--r-- 1 root root 1025 Jun 20 04:00 tftp.rules

-rw-r--r-- 1 root root 1028 May 7 2013 virus.rules

-rw-r--r-- 1 root root 1025 May 7 2013 voip.rules

-rw-r--r-- 1 root root 19574 Sep 26 20:24 VRT-License.txt

-rw-r--r-- 1 root root 1046 May 7 2013 web-activex.rules

-rw-r--r-- 1 root root 1046 May 7 2013 web-attacks.rules

-rw-r--r-- 1 root root 1034 May 7 2013 web-cgi.rules

-rw-r--r-- 1 root root 1043 May 7 2013 web-client.rules

-rw-r--r-- 1 root root 1055 May 7 2013 web-coldfusion.rules

-rw-r--r-- 1 root root 1052 May 7 2013 web-frontpage.rules

-rw-r--r-- 1 root root 1034 May 7 2013 web-iis.rules

-rw-r--r-- 1 root root 1037 May 7 2013 web-misc.rules

-rw-r--r-- 1 root root 1034 May 7 2013 web-php.rules

-rw-r--r-- 1 root root 0 Oct 30 12:37 white_list.rules

-rw-r--r-- 1 root root 1918 Sep 26 20:27 x11.rules


Please tell me what I am doing wrong, as I am a new user of Snort. I
encountered the same problem once before, but when I ran Snort for longer, around
15-20 minutes, log entries did appear; now even that is not working.


I have tried a port scan, an ICMP flood, etc.