[Snort-users] Fw: darpa dataset problem(zero alert)

mehdi maleki mehdimlk2003 at ...131...
Wed Aug 20 16:36:57 EDT 2014

On Wednesday, August 20, 2014 2:34 AM, mehdi maleki <mehdimlk2003 at ...131...> wrote:

Hi Esler & Waldo

My question was not answered!
When the rule set (registered snortrules-snapshot-2962) and the input pcap file (darpa dataset) are the same as yours, why is the output alert file very different?
Your output alert file has many gid: 1 alerts, but there is not any gid: 1 alert in my output alert file.
What is my problem?
What changes do I need to perform in the snort.conf file to have the same output as you?
I attach my snort.conf file & alert file.
m. maleki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alert_config.zip
Type: application/zip
Size: 210503 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140820/ccc820d0/attachment.zip>
