I have installed and configured snort 2.1.0. I have successfully
configured it to work with Postgres. I am collecting data, and can see
that data in Postgres. I am getting plenty of http_inspect alerts
generated, and they are successfully showing up in the ACID reports. I
have created scripts to download updated rule sets, unpack them, test
them, and implement them. Working great...

However, I am not generating any alerts from any rule sets, only
preprocessor alerts, such as the http_inspect as stated above. I have the
default rules enabled, as it comes default in snort.conf in 2.1.0. I have
read README.alert_order, and have read several posts on how to check your
snort conf. I have included my snort.conf below. I have run Nessus,
using all tests, on all ports, against the snort IP, and an IP on the
internal net from an IP outside the network. Can anyone see why I am not
getting any alerts generated? I am at a loss.

I can include my snort.conf at request, but due to its length have excluded it.

Ben Jordan

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list