[Snort-users] Snort only produces Stream5 alerts

Joel Esler jesler at ...1935...
Mon Sep 30 11:30:44 EDT 2013


Did you try this:

https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Sep 27, 2013, at 4:24 PM, Joe Seanor <joseph.seanor at ...11827...> wrote:

> I have a new install of snort:
> 
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)
>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>            Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>            Using libpcap version 1.4.0
>            Using PCRE version: 8.30 2012-02-04
>            Using ZLIB version: 1.2.7
> 
> 
> And it has run for a full 24 hours, and the only alert (50 of them) that I have is stream5: Reset outside window.  I even ran an external Nmap scan, and I received a "Portscan alert" and then everything else showed up as a stream5 alert.
> 
> What did I miss in my configuration?
> 
> Joe
> 
