USING snort 2.9.4, daq 2.0.0, snortrules-snapshot-2940
I have installed Snort, and after installation when I run the following:
sudo snort -c /usr/local/snort/etc/snort.conf --dump-dynamic-rules=/usr/local/snort/so_rules
Finished dumping dynamic rules.
When I run this to test the installation:
sudo snort -c /usr/local/snort/etc/snort.conf -T -l /var/log/snort
Snort successfully validated the configuration!
When I run the following to find out if it is capturing packets:
/usr/local/snort/bin/snort -i eth0
I can see traffic, but when I use 'curl http://testmyids.com' to test the Snort installation, it does not give any alert in the unified2 file that is being logged in /var/log/snort.
The snort config file has this line for logging to a unified2 file:
output unified2: filename unified.snort.alert, limit 128
And to start Snort I am using the following command:
sudo snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -i eth0
Everything seems to be right, but why is it not logging alerts? The unified2 file is always 0 bytes.
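The symptom in the post is an empty unified2 spool, and the usual way to tell "no events were written" from "events were written but not displayed" is to decode the file (Snort 2.9 ships u2spewfoo for this). The following is an added example, not code from the original post or from the Snort project: a minimal unified2 reader in Python that walks the record stream, decodes IPv4 IDS event records (type 7) and their attached packet records (type 2), and returns a list of events. The record layouts follow Snort 2.9's Unified2_common.h; the sample spool it builds is constructed inline, with a hypothetical local rule (gid 1, sid 1000001) and RFC 5737 test addresses, so it runs without a Snort installation. A 0-byte file, as in the post, simply yields an empty list; a truncated file raises an error instead of being silently misread.

```python
"""Minimal unified2 reader: lists IDS events (with attached packets) from a
Snort unified2 spool file.  Added example, not part of the original post;
record layouts are the unified2 structs from Snort 2.9's Unified2_common.h.
"""
import socket
import struct
import sys

U2_PACKET = 2          # UNIFIED2_PACKET
U2_IDS_EVENT = 7       # UNIFIED2_IDS_EVENT (IPv4, legacy layout)

RECORD_HDR = struct.Struct("!II")      # type, length (network byte order)
IDS_EVENT = struct.Struct("!11I2H4B")  # 52-byte Unified2IDSEvent_legacy
PACKET_HDR = struct.Struct("!7I")      # 28-byte Serial_Unified2Packet header


def iter_records(data):
    """Yield (record_type, body) for each record; reject truncated files."""
    off = 0
    while off < len(data):
        if off + RECORD_HDR.size > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        rtype, length = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        body = data[off:off + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {off}")
        yield rtype, body
        off += length


def parse_ids_event(body):
    """Decode an IPv4 IDS event record (field order as in the Snort struct)."""
    (sensor_id, event_id, ev_sec, ev_usec, sid, gid, rev, class_id, prio,
     src, dst, sport, dport, proto, impact_flag, impact,
     blocked) = IDS_EVENT.unpack_from(body)
    return {
        "event_id": event_id, "time": ev_sec,
        "gid": gid, "sid": sid, "rev": rev, "priority": prio,
        "src": socket.inet_ntoa(struct.pack("!I", src)),
        "dst": socket.inet_ntoa(struct.pack("!I", dst)),
        "sport": sport, "dport": dport, "proto": proto, "blocked": blocked,
    }


def parse_packet(body):
    """Decode a packet record: header fields plus the raw packet bytes."""
    (sensor_id, event_id, ev_sec, pkt_sec, pkt_usec, linktype,
     pkt_len) = PACKET_HDR.unpack_from(body)
    pkt = body[PACKET_HDR.size:PACKET_HDR.size + pkt_len]
    return {"event_id": event_id, "linktype": linktype, "packet": pkt}


def summarize(data):
    """Return the list of IPv4 events, each with its packet records attached."""
    events, by_id = [], {}
    for rtype, body in iter_records(data):
        if rtype == U2_IDS_EVENT:
            ev = parse_ids_event(body)
            ev["packets"] = []
            events.append(ev)
            by_id[ev["event_id"]] = ev
        elif rtype == U2_PACKET:
            pk = parse_packet(body)
            if pk["event_id"] in by_id:
                by_id[pk["event_id"]]["packets"].append(pk["packet"])
        # IPv6 / VLAN event types and extra-data records are skipped here
    return events


def build_sample():
    """Constructed sample spool (not real Snort output): one event from a
    hypothetical local rule gid 1 / sid 1000001 and the packet that fired it."""
    src = struct.unpack("!I", socket.inet_aton("192.0.2.10"))[0]
    dst = struct.unpack("!I", socket.inet_aton("198.51.100.5"))[0]
    ev = IDS_EVENT.pack(0, 1, 1700000000, 0, 1000001, 1, 1, 0, 2,
                        src, dst, 49152, 80, 6, 0, 0, 0)
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    pk = PACKET_HDR.pack(0, 1, 1700000000, 1700000000, 0, 1, len(payload)) + payload
    return (RECORD_HDR.pack(U2_IDS_EVENT, len(ev)) + ev +
            RECORD_HDR.pack(U2_PACKET, len(pk)) + pk)


if __name__ == "__main__":
    # Usage: python u2read.py /var/log/snort/unified.snort.alert.<timestamp>
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample()
    events = summarize(data)
    print(f"{len(events)} event(s)")
    for ev in events:
        print(f"[{ev['gid']}:{ev['sid']}:{ev['rev']}] {ev['src']}:{ev['sport']} -> "
              f"{ev['dst']}:{ev['dport']} proto={ev['proto']} packets={len(ev['packets'])}")
```

Run it against the newest unified.snort.alert.* file in /var/log/snort; with no argument it decodes the constructed sample. The spool file name carries a timestamp suffix, so check the most recent one rather than a bare unified.snort.alert.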