[Snort-users] darpa dataset problem(zero alert)

waldo kitty wkitty42 at ...14940...
Mon Aug 25 22:17:05 EDT 2014


On 8/13/2014 4:03 PM, mehdi maleki wrote:
> The default configuration of rules doesn't generate alerts, so I changed some in
> snort.conf (enabled some alerts). Nearly 23000 alerts were generated, but there isn't
> gid=1. General alerts weren't generated in my output alert file, while in your
> output there are many gid=1 alerts. Which section is responsible for gid=1 alerts?

if there are no GID:1 alerts, that would seem to indicate that you have no
text-based rules being loaded and in effect... they are generally loaded at the
bottom of the snort.conf file with include statements...


-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
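
The check described in the reply above, as an added example that is not part of the original message: it lists which `.rules` include lines in a snort.conf are active or commented out, and counts alerts per GID from fast-format alert lines. The sample config, the alert lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: tail of a snort.conf where every text-rule include is commented out.
SAMPLE_CONF = """\
var RULE_PATH ../rules
include classification.config
# include $RULE_PATH/local.rules
#include $RULE_PATH/web-misc.rules
"""

# Constructed sample alerts in "fast" format; the bracketed triple is gid:sid:rev.
SAMPLE_ALERTS = """\
08/13-16:03:00.000000  [**] [129:12:1] constructed preprocessor alert [**] [Priority: 3] {TCP} 10.0.0.1:1024 -> 10.0.0.2:80
08/13-16:03:01.000000  [**] [119:19:1] constructed preprocessor alert [**] [Priority: 3] {TCP} 10.0.0.1:1025 -> 10.0.0.2:80
08/13-16:03:02.000000  [**] [129:12:1] constructed preprocessor alert [**] [Priority: 3] {TCP} 10.0.0.3:1026 -> 10.0.0.2:80
"""

INCLUDE_RE = re.compile(r"^\s*(#?)\s*include\s+(\S+\.rules)\s*$")
GID_RE = re.compile(r"\[(\d+):(\d+):(\d+)\]")

def rule_includes(conf_text):
    """Return (active, commented) lists of .rules files named by include lines."""
    active, commented = [], []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m:
            (commented if m.group(1) else active).append(m.group(2))
    return active, commented

def alerts_by_gid(alert_text):
    """Count alerts per generator ID from fast-format alert lines."""
    counts = Counter()
    for line in alert_text.splitlines():
        m = GID_RE.search(line)
        if m:
            counts[int(m.group(1))] += 1
    return counts

def diagnose(conf_text, alert_text):
    """Relate missing GID 1 alerts to the state of the rule includes."""
    active, commented = rule_includes(conf_text)
    if alerts_by_gid(alert_text)[1] > 0:
        return "GID 1 alerts present: text rules are loaded and firing"
    if not active:
        return f"no GID 1 alerts, no active .rules include ({len(commented)} commented out)"
    return "no GID 1 alerts although .rules includes are active: check the rule files"

if __name__ == "__main__":
    print(dict(alerts_by_gid(SAMPLE_ALERTS)))
    print(diagnose(SAMPLE_CONF, SAMPLE_ALERTS))
```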



