Thanks for the response Dave. My ClearOS box is exposed to the Internet with a public IP and is operating in Gateway mode. Snort is detecting plenty of attacks, but SnortSam isn't doing anything about it.

Dave Loper wrote:

Does your ClearOS server have a public IP (not an RFC 1918 address)?

If it uses a private schema, a lot of common attacks will be conducted against your frontend router instead of your ClearOS server. You would only see activity typically on open ports or if your defenses on your ISP head-end router fail.

Also, make sure the services are running in the Prevention and Detection modules.