[Snort-users] Fw: darpa dataset problem(zero alert)

mehdi maleki mehdimlk2003 at ...131...
Tue Aug 19 18:04:10 EDT 2014


Hi Esler,

The default rule configuration doesn't generate any alerts, so I
changed some things in snort.conf (enabled some alerts). Nearly 23000 alerts were generated, but
there aren't any with gid=1. General alerts weren't generated in my output alert file, while
in your output there are many gid=1 alerts. Which section is responsible for gid=1
alerts? What changes do I need to make in the snort.conf file to get the same output
as you? I have attached my snort.conf file and alert file. Thanks

m. maleki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alert_config.zip
Type: application/zip
Size: 210503 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140819/679955c9/attachment.zip>

