[Snort-users] Snort Sensors do not appear to be detecting what they should

Jacobi, Michael W CIV NSWCCD Philadelphia, 10432 michael.jacobi1 at ...7622...
Wed Mar 11 14:42:41 EDT 2015


I have been recently asked to start working with the Snort installation at my site (Snort 2.9.6.2, Barnyard, BASE).  Based on what alerts I am seeing, I feel that the system is not detecting what it should be finding.  For example, the sensor that is facing my ISP has less than 20 detects in the last few days, and I am seeing events on sensors that I know should be passing by other sensors, but I do not see any correlation in the detects between the sensors.

I have had prior IDS experience, but I just started attempting to work with Snort.  I would appreciate what help you can give me to work toward making this system more functional.  Pointers to FAQs and other online resources are always helpful.

Thanks!

Mike Jacobi



