Snort mailing list archives
snort not capturing packets for alerts (sometimes)
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Wed, 24 Oct 2001 15:00:04 +1300 (NZDT)
Hi All,
I am running snort 1.8.1 on a debian linux system:
snort -A full -c rules.130.216.0.0 -d -D -e -h 130.216.0.0/16 -i eth1 -l /home/snort/LOGS/DMZ-OS/20011024/20011024.hh
Most of the time it dutifully logs packets that caused alerts into the
appropriate directory, but every now and again when I look for a packet
log there isn't anything there.
The snort process is restarted every hour; I run an hourly perl script
which I adapted from snorticus.
In some cases, out of a bunch of very similar alerts, some get logged and
some don't.
Any ideas as to what is going on, or any hint as to how to debug this
problem?
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
