Home page logo
/

snort logo Snort mailing list archives

Not getting alerts in "alert" file.
From: "Shields, Joseph (NIH/NIEHS) [C]" <joseph.shields () nih gov>
Date: Tue, 30 Apr 2013 18:14:23 +0000

Hi.  I am not sure if my running two snort processes (each monitoring a different network interface) is causing the 
alerts to NOT show up in the alert file?  When I first started up the snort process, I got alerts in the alert file.  
Then on the next day I noticed no new alerts, yet I was getting snort.log.nnnn binary log captures.  I have restarted 
the snort process monitoring em3 interface several times since I first got Snort running on Apr 15.   It looks like the 
alert file gets archived each morning and gzipped.  I don't know what is going wrong and am hoping someone has an idea 
on what is misconfigured.  Below is a screen shot of the alert files I have as well as how I am starting the two snort 
monitoring processes.  The first process noted below has been generating log files (see second screen shot below) on 
interface em3.  I believe the em2 interface is supposed to be a backup link in the event the network line being tapped 
by em3 has an issue such that traffic gets rerouted through the line being monitored by em2.   Thanks for the help!

Brian

[cid:image001.png@01CE45AC.5C499260]

[cid:image002.png@01CE45AC.5C499260]

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]