<span style="color:rgb(255,0,0)"><u><b>I have installed Snort and after installation when I run the following:</b></u><br clear="all">
</span><p style="margin-bottom:0.5cm;font-weight:normal"><span style="background:transparent">sudo
snort -c /usr/local/snort/etc/snort.conf
--dump-dynamic-rules=/usr/local/snort/so_rules</span></p><p style="margin-bottom:0.5cm;font-weight:normal"><span style="color:rgb(255,0,0)"><u><b><span style="background:transparent">I get:</span></b></u></span></p><p style="margin-bottom:0.5cm;font-weight:normal">
<span style="background:transparent">Finished
dumping dynamic rules.
</span></p>
<p style="margin-bottom:0.5cm;font-weight:normal"><span style="background:transparent">Snort
exiting <br></span></p><p style="margin-bottom:0.5cm;font-weight:normal"><span style="color:rgb(255,0,0)"><span style="background-color:rgb(255,255,255)"><u><b><span style="background-image:none;background-repeat:repeat">When I run this:</span></b></u></span></span></p>
<p style="margin-bottom:0.5cm;font-weight:normal"><span style="background:transparent">sudo
snort -c /usr/local/snort/etc/snort.conf -T -l /var/log/snort</span></p><p style="margin-bottom:0cm"><span style="color:rgb(255,0,0)"><u><b><span style="background:transparent">I get:</span></b></u></span></p>
<p style="margin-bottom:0cm">Snort successfully validated the
configuration!
</p>
<p style="margin-bottom:0cm">Snort exiting</p>

<p style="margin-bottom:0cm"><span style="color:rgb(255,0,0)"><b><u>When I run:</u></b></span></p><p style="margin-bottom:0cm">/usr/local/snort/bin/snort -i eth0</p><p style="margin-bottom:0cm"><span style="color:rgb(255,0,0)"><u><b>I can see traffic, but when I use 'curl <a href="http://testmyids.com">http://testmyids.com</a>' to test the Snort installation, it does not give any alert in the unified2 file which is being logged in /var/log/snort.</b></u></span></p>
<p style="margin-bottom:0cm"><span style="color:rgb(255,0,0)"><u><b>The Snort config file has this line for logging to the unified file:</b></u></span></p><p style="margin-bottom:0.5cm;font-weight:normal"><span style="background:transparent">output
unified2: filename unified.snort.alert, limit 128</span></p><p style="margin-bottom:0.5cm;font-weight:normal"><span style="color:rgb(255,0,0)"><u><b><span style="background:transparent">And for starting Snort I am using:</span></b></u></span></p>
<p style="margin-bottom:0.5cm;font-weight:normal"><span style="background:transparent">sudo snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -i eth0</span></p><p style="margin-bottom:0.5cm;font-weight:normal"><span style="background:transparent"><span style="color:rgb(255,0,0)"><span style="background-color:rgb(255,255,255)"><u><b>Everything seems to be right, but why is it not logging alerts?</b></u></span></span><br>
</span></p>



<br>-- <br>Arun Pushkar<br>09043404301<br>
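<p>An added example, not part of the original post: unified2 is a binary format, so one way to check whether a file under /var/log/snort holds any event records is to walk its record headers and count them by type. The sample bytes, addresses and SID 1000001 are constructed for illustration; pass the path of a real unified2 file as the first argument to inspect it instead.</p>

```python
import io
import socket
import struct
import sys
from collections import Counter

# Record type numbers as defined in Snort 2.x's Unified2_common.h.
TYPES = {2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
         104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN", 110: "EXTRA_DATA"}
# Leading 52 bytes shared by the IPv4 event records (types 7 and 104).
EVENT_V4 = struct.Struct(">9I4s4sHHBBBB")

def read_records(stream):
    """Yield (type, payload); stop at a short read (Snort may be mid-write)."""
    while True:
        header = stream.read(8)
        if len(header) < 8:
            return
        rtype, length = struct.unpack(">II", header)  # both big-endian
        payload = stream.read(length)
        if len(payload) < length:
            return
        yield rtype, payload

def summarize(stream):
    """Return (Counter of record names, list of (gid, sid, rev, src, dst))."""
    counts, alerts = Counter(), []
    for rtype, payload in read_records(stream):
        counts[TYPES.get(rtype, "UNKNOWN_%d" % rtype)] += 1
        if rtype in (7, 104) and len(payload) >= EVENT_V4.size:
            f = EVENT_V4.unpack_from(payload)  # f[4]=sid, f[5]=gid, f[6]=rev
            alerts.append((f[5], f[4], f[6],
                           socket.inet_ntoa(f[9]), socket.inet_ntoa(f[10])))
    return counts, alerts

def constructed_sample():
    """Constructed bytes: one event, one packet record, one truncated header."""
    event = EVENT_V4.pack(0, 1, 1700000000, 0, 1000001, 1, 1, 0, 2,
                          socket.inet_aton("192.0.2.10"),
                          socket.inet_aton("198.51.100.7"), 80, 40000, 6, 0, 0, 0)
    packet = b"\x00" * 28  # opaque here; the packet body is not decoded
    return (struct.pack(">II", 7, len(event)) + event +
            struct.pack(">II", 2, len(packet)) + packet + b"\x00\x00\x00")

if __name__ == "__main__":
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(constructed_sample())
    counts, alerts = summarize(src)
    print(dict(counts))
    for gid, sid, rev, ip_src, ip_dst in alerts:
        print("[%d:%d:%d] %s -> %s" % (gid, sid, rev, ip_src, ip_dst))
```

<p>A file that yields no IDS_EVENT records contains no alerts, whatever its size on disk.</p>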