Snort mailing list archives
Re: Is snort working?
From: "Al Lewis (allewi) via Snort-users" <snort-users () lists snort org>
Date: Sun, 18 Feb 2018 23:27:26 +0000
Is snort running on your workstation or another machine? If on another machine, how is traffic supposed to get into snort? Is the traffic spanned to snort or is snort running inline?

Stop/start snort and look at the exit stats. Do you see traffic counts?

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Snort-users <snort-users-bounces () lists snort org> on behalf of Lee Brown <leeb () ratnaling org>
Date: Sunday, February 18, 2018 at 6:23 PM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] Is snort working?

Here's what I used to test with:

My workstation ping 8.8.8.8 triggers this.

alert icmp 10.1.10.175 any -> 8.8.8.8 any (msg:"warning1";sid:1000001;rev:1;)

On Sun, Feb 18, 2018 at 2:59 PM, Al Lewis (allewi) via Snort-users <snort-users () lists snort org> wrote:

Are you sure that snort is seeing traffic correctly?

Write a custom rule and/or create some traffic or condition that will trigger a rule.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Snort-users <snort-users-bounces () lists snort org> on behalf of bobby via Snort-users <snort-users () lists snort org>
Reply-To: bobby <architectofthefuture () gmail com>
Date: Sunday, February 18, 2018 at 3:04 PM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Is snort working?

I am using the default registered user snort rules. I have not modified the rules. I noticed that my snort log has not been updated/growing.

I would think by default, many rules would be enabled, and the log would grow exponentially in size. Am I wrong to assume this?

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
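Added example (not part of the thread and not Snort's own tooling): a shell helper for the exit-stats check suggested above, separating "no traffic reaches the sensor" from "traffic is seen but no rule fires". The sample statistics are constructed, and the `Received:`, `Analyzed:` and `Alerts:` labels assume the Snort 2.9 exit-statistics layout.

```shell
#!/bin/sh
# Added example: classify Snort exit statistics read from stdin.
# Assumption: "Received:", "Analyzed:" and "Alerts:" labels as printed in
# Snort 2.9 exit statistics; adjust the patterns for other versions.
snort_triage() {
    awk '
        $1 == "Received:" { rx = $2; seen = 1 }
        $1 == "Analyzed:" { an = $2 }
        $1 == "Alerts:"   { al = $2 }
        END {
            if (!seen)        print "NO_STATS"      # input is not exit statistics
            else if (rx == 0) print "NO_TRAFFIC"    # check interface, span port, inline path
            else if (an == 0) print "NOT_ANALYZED"  # packets arrive but are not inspected
            else if (al == 0) print "NO_ALERTS"     # traffic seen; check rules and variables
            else              print "ALERTING"
        }'
}

# Constructed sample: sensor interface receives nothing.
sample_idle() {
    printf '%s\n' 'Packet I/O Totals:' \
        '   Received:            0' \
        '   Analyzed:            0 (  0.000%)' \
        'Action Stats:' \
        '     Alerts:            0 (  0.000%)'
}

# Constructed sample: packets are inspected but nothing matches.
sample_quiet() {
    printf '%s\n' 'Packet I/O Totals:' \
        '   Received:         1842' \
        '   Analyzed:         1842 (100.000%)' \
        'Action Stats:' \
        '     Alerts:            0 (  0.000%)'
}

# Constructed sample: a test rule (such as an ICMP rule) is firing.
sample_alerting() {
    printf '%s\n' 'Packet I/O Totals:' \
        '   Received:         1842' \
        '   Analyzed:         1842 (100.000%)' \
        'Action Stats:' \
        '     Alerts:            4 (  0.217%)'
}

for s in sample_idle sample_quiet sample_alerting; do
    printf '%s: %s\n' "$s" "$($s | snort_triage)"
done
```

To use it on a real sensor, save the statistics Snort prints on shutdown to a file and pipe that file into `snort_triage`.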
Current thread:
- Is snort working? bobby via Snort-users (Feb 18)
- Re: Is snort working? Al Lewis (allewi) via Snort-users (Feb 18)
- Re: Is snort working? Lee Brown (Feb 18)
- Re: Is snort working? Al Lewis (allewi) via Snort-users (Feb 18)
- Re: Is snort working? Lee Brown (Feb 18)
- Re: Is snort working? Al Lewis (allewi) via Snort-users (Feb 18)
