Snort drops traffic but not alerts on anything.
-
Hello guys,
I've run into an issue where Snort is dropping traffic but not alerting on anything. I know it's Snort dropping traffic because simply turning it off on the interfaces would allow traffic to flow. I've re-installed the binaries with no difference.
-
@lugwitz said in Snort drops traffic but not alerts on anything.:
> Hello guys,
> I've run into an issue where Snort is dropping traffic but not alerting on anything. I know it's Snort dropping traffic because simply turning it off on the interfaces would allow traffic to flow. I've re-installed the binaries with no difference.

Try stopping and then restarting the service on the INTERFACES tab. I ran into an issue similar to that while testing the new Snort 2.9.17.1 version I'm working on. It appears that, for some reason yet unknown, Snort quits writing alerts to the alert log file. The ALERTS tab populates from that file, so obviously nothing new will show up if Snort is not writing new alerts to the file.
-
My short-term fix is to stop Snort completely. Wouldn't that be the same thing?
-
@lugwitz said in Snort drops traffic but not alerts on anything.:
> My short-term fix is to stop Snort completely. Wouldn't that be the same thing?

Yes, stopping is OK. But of course unless you manually restart, then you would not have Snort scanning traffic. On the INTERFACES tab are two icons for the service. One stops it, then once Snort is stopped that icon changes to a start symbol. The other icon, when Snort is running, is the circular arrow. When you click that icon, it will stop and then restart Snort in a sequence.
-
@bmeeks I still run into the same thing after restarting it. I can't keep restarting it because it seems to happen again immediately.