On Tue, Nov 19, 2013 at 3:30 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> FWIW: those rules will trigger on pretty much any traffic that snort sees... if
> they are not triggering at all, then your traffic may be packaged in some packet
> type...
> are you using VLans?

Nope, and wow, no kidding about those rules triggering anything!

I definitely have alerts now in the web GUI for barnyard.  Lots and
lots of alerts!  So I've disabled those now.

Best I can tell it was not alerting until I included the -D switch to
daemonize it.  That's odd but maybe expected.  I dunno.

So I'm going to keep my eye on it to see what's what.  And keep
digging into the manual.

So ... I think it is working.  Fingers crossed and we'll see.

I'd like to figure out how to get the most serious alerts in email but
maybe reading the fine manual will tell me that :-)

