LinuxQuestions.org


arunpushkar 02-20-2013 11:44 PM

SNORT-2.9.4 Installed properly but NOT Logging ALERTS
 
USING snort 2.9.4, daq 2.0.0, snortrules-snapshot-2940

I have installed Snort, and after installation, when I run the following:
Code:

sudo snort -c /usr/local/snort/etc/snort.conf --dump-dynamic-rules=/usr/local/snort/so_rules

I get:
Code:

Finished dumping dynamic rules.
Snort exiting

When I run this to test the installation:
Code:

sudo snort -c /usr/local/snort/etc/snort.conf -T -l /var/log/snort

I get:
Code:

Snort successfully validated the configuration!
Snort exiting

When I run the following to check whether it is capturing packets:
Code:

/usr/local/snort/bin/snort -i eth0

I can see traffic, but when I use 'curl http://testmyids.com' to test the Snort installation it does not give any alert in the unified2 file that is being logged in /var/log/snort.

The snort config file has this line for logging to the unified2 file:
Code:

output unified2: filename unified.snort.alert, limit 128

And to start snort I am using the following command:
Code:

sudo snort -c /usr/local/snort/etc/snort.conf -l /var/log/snort -i eth0

Everything seems to be right, but why is it not logging alerts? The unified2 file is always 0 bytes.

unSpawn 02-21-2013 06:05 AM

Well done, concise but nearly complete post. Only one thing is missing: which rule exactly should your action trip? After all, http://testmyids.com is just a plain (URI) string and nothing else. Most of the time you'll be looking for specific packet payloads, and often in the direction of the Snort sensor. Please post the rule, and if you created the rule yourself please explain what you derived its filter from, if necessary.

arunpushkar 02-21-2013 06:14 AM

I have not made any extra rule. In fact, while googling I found that in order to test your installed SNORT you use curl http://testmyids.com; it will generate bad traffic for your PC or IP and SNORT will generate an alert. It used to work fine when I last installed SNORT-2.9.3 with snort-rules-snapshot-2931, but now that I have installed SNORT-2.9.4 with snort-rules-snapshot-2940 it is not generating any alerts for traffic from http://testmyids.com.

unSpawn 02-21-2013 06:26 AM

Quote:

Originally Posted by arunpushkar (Post 4896618)
It used to work fine when I last installed SNORT-2.9.3 with snort-rules-snapshot-2931, but now that I have installed SNORT-2.9.4 with snort-rules-snapshot-2940 it is not generating any alerts for traffic from http://testmyids.com.

Well then, the first thing would be to diff the two rule sets and see what changed between snapshots?

arunpushkar 02-21-2013 07:54 AM

How do I find what changes have been made, and where, since there are many rule files under ../rules? And where can I find that specific rule which I am interested in?

unSpawn 02-21-2013 11:50 AM

'diff -urN /one/dir /other/dir'?
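One way to act on that suggestion, as an added example that is not code from the thread: a small POSIX sh script that lists which rule files changed between two unpacked snapshots, then counts how many uncommented rules in each snapshot mention a given string (here "testmyids"), since a rule that is present but commented out in the newer set would explain a silent sensor. The directory layout and the sample rule text it builds for demonstration are constructed, not taken from the real snapshots.

```shell
#!/bin/sh
# Added example (not code from the thread): compare two unpacked rule
# snapshots the way unSpawn suggests, then locate the rule(s) mentioning a
# given string. Directory names and the sample rule text are constructed.

# changed_rules OLD NEW: print the rule files that differ between the two
# snapshot directories, or exist in only one of them, one path per line.
changed_rules() {
    diff -rq "$1" "$2" 2>/dev/null | sed -n \
        -e 's/^Files \(.*\) and .* differ$/\1/p' \
        -e 's/^Only in \([^:]*\): \(.*\)$/\1\/\2/p'
}

# active_rules DIR PATTERN: count uncommented lines in DIR/*.rules that
# contain PATTERN, i.e. rules that can actually fire; a rule present in the
# file but commented out (a common change between snapshots) is not counted.
active_rules() {
    cat "$1"/*.rules 2>/dev/null | grep -v '^[[:space:]]*#' | grep -c -- "$2"
}

# show_rules DIR PATTERN: print matching rule lines with file names so the
# SID, direction and payload conditions can be read off.
show_rules() {
    grep -- "$2" "$1"/*.rules 2>/dev/null
}

# make_sample BASE: build constructed old/ and new/ snapshots under BASE in
# which the rule mentioning "testmyids" is active in old and commented out
# in new, which is exactly the kind of change a silent sensor suggests.
make_sample() {
    mkdir -p "$1/old/rules" "$1/new/rules"
    r='alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed testmyids rule"; content:"testmyids"; sid:9999999; rev:1;)'
    printf '%s\n' "$r" > "$1/old/rules/local.rules"
    printf '# %s\n' "$r" > "$1/new/rules/local.rules"
    printf 'alert tcp any any -> any any (msg:"unchanged"; sid:9999998; rev:1;)\n' \
        | tee "$1/old/rules/other.rules" > "$1/new/rules/other.rules"
}

# Usage: sh rules_diff.sh OLD_RULES_DIR NEW_RULES_DIR [PATTERN]
if [ $# -ge 2 ]; then
    p="${3:-testmyids}"
    changed_rules "$1" "$2"
    echo "active rules matching '$p': old=$(active_rules "$1" "$p") new=$(active_rules "$2" "$p")"
    show_rules "$2" "$p"
fi
```

Point it at the rules/ directories of the 2931 and 2940 snapshots; if the new count is 0 while the old one is not, the rule that used to fire is either gone or commented out, and show_rules prints the line to inspect.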
