[Snort-users] Snort running inline but not functioning as IPS

Robin Kipp mlists at ...17439...
Sun Jan 24 15:47:39 EST 2016


Hi,

> Am 24.01.2016 um 14:46 schrieb Y M <snort at ...15979...>:
> 
> If you are using snort.rules generated by PulledPork, then make sure the rule (gid:136, sid:1) exists in the file and that snort.rules is included in snort.conf.

Yeah, all this is in place and used to work fine… However, I feel that somehow I must have managed to screw up my Snort setup, as I’m not getting any console alerts whatsoever (not even from a locally defined ping alert rule which I used to test Snort right after the first installation).
So, what I’ll probably end up doing is to completely wipe Snort, Barnyard2 and Pulledpork from my machine and then reinstall them one by one. I’m really not sure how else I could track down this problem, especially since I’m still a Snort newbie and have barely scratched the surface.
However, thanks to the advice gathered in this conversation I at least have some important considerations in mind now, hopefully things will work out the second time around! :-)
Robin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160124/bae1f195/attachment.html>


More information about the Snort-users mailing list