Home page logo

snort logo Snort mailing list archives

Re: Snort only partially alerting.
From: Frank Calone <fc10011001 () gmail com>
Date: Fri, 14 Jun 2013 15:50:23 -0400

I added the following option to the command line:
-k none

Here is the full command line I'm using:
/usr/sbin/snort -A fast -b -d -D -k none -i em3 -u snort -g snort -c
/etc/snort/snort.conf -l /var/log/snort -G 3

I was hopeful this would fix the alerting, however, it did not.  I had two
alerts today that the new Snort server did not flag.  Any other suggestions
on what to check out next is much appreciated.


On Wed, Jun 12, 2013 at 9:16 PM, Joel Esler <jesler () sourcefire com> wrote:

  On Jun 12, 2013, at 11:33 AM, Frank Calone <fc10011001 () gmail com> wrote:

Snort on the appliance alerted but Snort on the server did not.

Dear Frank,

Thanks for your email.  I believe you will find what you are looking for

*Joel Esler*
Senior Research Engineer, VRT
OpenSource Community Manager

This SF.net email is sponsored by Windows:

Build for Windows Store.

Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]