Snort mailing list archives

Re: ids policy mgr installed w policy, sensor-now 0 length log files, no alerts


From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 9 Oct 2009 12:10:55 -0400

Your rules most likely got corrupted. Restore your last rules backup. If you
want to try and repair the existing rule set, you can run Snort with your
current run line and attach a -T to the end. Snort will error and display
the problem rule. There may be more than one problem; just keep running
with the -T until all are resolved.

 

Kindest regards,

Michael...

 

WINSNORT.com Management Team Member


From: Ronald.KayeJr () cognizant com [mailto:Ronald.KayeJr () cognizant com] 
Sent: Friday, October 09, 2009 10:05 AM
To: plug () lists phillylinux org; snort-users () lists sourceforge net;
ny-sug () lists snort org
Subject: [Snort-users] ids policy mgr installed w policy, sensor-now 0
length log files, no alerts

 

I HAD the latest snort, base, and barnyard2 WORKING on an Ubuntu 9 platform.

Then I installed IDS Policy Manager on my XP workstation.

Under the output section of my policy, I had to add unified2, like my
snort.conf.

I updated the policy to my sensor.

Ever since, when I run snort/barnyard2, I get no output to my log file.

A log file is created, but with 0 length files.

 

Any thoughts?

 

Ron Kaye

