[Snort-users] darpa dataset problem(zero alert)
wkitty42 at ...14940...
Mon Aug 25 22:17:05 EDT 2014
On 8/13/2014 4:03 PM, mehdi maleki wrote:
> The default configuration of rules doesn't generate alerts, so I changed some things in
> snort.conf (enabled some alerts). Nearly 23000 alerts were generated, but there isn't
> gid=1. General alerts weren't generated in my output alert file, while in your
> output there are many gid=1 alerts. Which section is responsible for gid=1 alerts?
if there are no GID:1 alerts, that would seem to indicate that you have no
text-based rules being loaded and in effect... they are generally loaded at the
bottom of the snort.conf file with include statements...
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
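
A quick check for the situation discussed in this thread, as an added example that is not part of the original messages: it lists which `.rules` includes in a snort.conf are active or commented out and tallies alerts per GID from a fast-format alert file. The config excerpt and alert lines are constructed samples, and the `$RULE_PATH`, `$PREPROC_RULE_PATH` and `$SO_RULE_PATH` variable names are assumed to follow the stock snort.conf layout.

```python
import re
from collections import Counter

# Constructed sample input (not from the thread): snort.conf excerpt in which
# every text-rule include is commented out, plus two fast-format alert lines.
SAMPLE_CONF = """\
var RULE_PATH ../rules
var PREPROC_RULE_PATH ../preproc_rules
include classification.config
include $PREPROC_RULE_PATH/preprocessor.rules
# include $RULE_PATH/local.rules
#include $RULE_PATH/scan.rules
"""
SAMPLE_ALERTS = """\
08/13-16:03:01.000001  [**] [122:1:1] constructed message A [**] [Priority: 3] {PROTO:255} 10.0.0.5 -> 10.0.0.9
08/13-16:03:02.000002  [**] [129:12:1] constructed message B [**] [Priority: 3] {TCP} 10.0.0.5:1025 -> 10.0.0.9:80
"""

# An include of a *.rules file, optionally commented out with leading '#'.
INCLUDE_RE = re.compile(r"^(?P<off>#+\s*)?include\s+(?P<path>\S+\.rules)\s*$")
# The [gid:sid:rev] triple that follows the first [**] marker of an alert line.
ALERT_ID_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]")

def rule_includes(conf_text):
    """Return (active, disabled) lists of .rules include paths."""
    active, disabled = [], []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line.strip())
        if m:
            (disabled if m.group("off") else active).append(m.group("path"))
    return active, disabled

def text_rule_includes(paths):
    """Keep includes that are not preprocessor or shared-object rule files."""
    other = ("$PREPROC_RULE_PATH", "$SO_RULE_PATH")  # assumed stock variable names
    return [p for p in paths if not p.startswith(other)]

def gid_counts(alert_text):
    """Count alerts per generator ID."""
    return Counter(int(m.group(1)) for m in ALERT_ID_RE.finditer(alert_text))

def diagnose(conf_text, alert_text):
    active, disabled = rule_includes(conf_text)
    return {"text_rules_loaded": text_rule_includes(active),
            "text_rules_commented_out": text_rule_includes(disabled),
            "gid1_alerts": gid_counts(alert_text)[1]}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_ALERTS))
```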