Snort fails to log packets

January 4, 2013 at 17:41:12
Specs: Windows 7

Why is my alerts.ids always empty?
I'm using Snort_2_9_4



#1
January 4, 2013 at 20:18:10

http://marc.info/?l=snort-users&m=1...

That's one of many hits.

Search Google for snort alerts not logging.

How do you know when a politician is lying? His mouth is moving.



#2
January 4, 2013 at 20:32:20

Thanks. I managed to get it. On my PC the log will be recorded in folders and the alert.ids will remain at 0KB. However, I use the same but on another computer and it stores all the logs in alerts.ids. Do you know why?


#3
January 4, 2013 at 21:27:01

"However, I use the same but on another computer and it stores all the logs in alerts.ids. Do you know why?"

According to their FAQs, it's the way you configure Snort.
http://www.sans.org/security-resour...

The main items to be configured in IDSCenter to get it running are:

General Setup Tab
- Selecting the version of Snort you are using.
- Enter the path of Snort.exe.
- Select process priority.
- I recommend using the detection button to input your IP address and subnet.

IDS Rules Tab
- Select the rules file you want to use.
- Enter the name and location of the external editor you want to use.

Logfile/Alerts
- Select your root Snort log directory.
- Select your alert file type (Full or fast).
- Select the level of protocol analysis (Arp, application, etc.).
- Select "Start Alarm Beep" to get that audible alarm!



#4
January 5, 2013 at 17:51:08

Still can't make it work. I'm not using IDSCenter.
The log -> alerts.ids remains at 0KB all the time.

I don't know what's wrong. Btw I'm a newbie with Snort.



#5
January 5, 2013 at 19:16:30

Try Wireshark.

How do you know when a politician is lying? His mouth is moving.



#6
January 5, 2013 at 19:17:03

Did you Google as suggested by guapo?
snort not logging alerts
http://is.gd/rcFSly

Don't know why you are using Snort; others to try here.
http://www.techsupportalert.com/con...

