Snort-2.9.6.0 on Slackware64-current
I had been running Snort-2.9.5.6 and all was fine. Yesterday I upgraded to Snort-2.9.6.0, and Snort runs just fine, but a puzzling change has occurred in the output I see from Barnyard. When I ping a host from my machine, the Barnyard output is normal -
02/07-15:17:13.527633 [**] [1:10000001:1] ICMP test [**] [Classification ID: 0] [Priority ID: 0] {ICMP} 213.188.254.200 -> 192.168.1.205
02/07-15:17:13.527633 [**] [1:477:3] Snort Alert [1:477:3] [**] [Classification ID: 0] [Priority ID: 0] {ICMP} 213.188.254.200 -> 192.168.1.205
However, whenever an event is logged from the outside world, all I get is pages of the following -
02/07-14:09:39.811984 [**] [1:477:3] Snort Alert [1:477:3] [**]
02/07-14:09:44.347567 [**] [1:477:3] Snort Alert [1:477:3] [**]
02/07-14:09:44.790938 [**] [1:477:3] Snort Alert [1:477:3] [**]
I have checked all config files many, many times and see nothing amiss. I then upgraded to Barnyard-2.0.2 and that didn't help either. I've got all of the 2.9.6.0 rules loaded as normal in /etc/snort/rules.
Can any Snort/Barnyard guru please point me to something to check out? Thanks in advance.