Snort 2.9.0.5 with Snort Report 1.3.1 stops displaying alerts

[Jimi]

Well, it was a good try. I successfully installed Snort 2.9.0.5 with Snort Report 1.3.1 and actually displayed various alerts... for awhile.

After collecting about 2000 alerts Snort Report 1.3.1 no longer updates. I'm not sure if it's a Snort Report problem or a Snort problem.

I've turned on packed sniffing via the command line to verify that Snort is receiving packets and it is. 

Are there any other checks that I do to determine if Snort is actually generating alerts and maybe Snort Report is not able to access them?

Thanks,

Jim

[David Gullett]

Are you seeing anything at all on the screen? If there are a lot of
alerts SR can time out depending on the speed of the machine. Usually
this happens after a few hundred thousand alerts. To fix that, trim
your rules down because you're likely getting a ton of false
positives.

[Jimi]

Thanks for the quick reply.

Yes, I have a nice Snort Report Screen for at least the first x-number of alerts. (Actually I've done fresh installs on two separate servers, both Dell 1950s, and have the same problem on both.) 

I'm monitoring a 4 megabit/sec serial interface on a Cisco Router so the traffic load is minimal.

For the first few minutes of running snort I can refresh the Snort Report web page and see the alerts increment but after some amount of time the alerts no longer update. I've even let it run for an hour and when I come back to refresh nothing has changed.