Snort mailing list archives
Re: Ramen worm and Snort log entry
From: Brian Caswell <bmc () mitre org>
Date: Sun, 17 Jun 2001 11:12:35 -0400
Subba Rao wrote:
The following are the preprocessors in the snort.conf file. I have changed the IP addresses of the systems/network here.

====================================================================
var INTERNAL 192.168.1.0/24
var EXTERNAL !$INTERNAL
var DNS_SERVERS 192.168.1.5/24
preprocessor http_decode: 80 8080
preprocessor minfrag: 128
preprocessor portscan: 1.1.1.1/2 5 3 portscan.log
preprocessor portscan-ignorehosts: 192.168.1.0/24
#include /usr/security/snort/etc/snort-vision.conf
output alert_full: alert
====================================================================

Why is Snort not logging any information about these trojan related alerts?

Because you don't have any rules listed there. Uncomment the include statement and try again.

--
Brian Caswell
The MITRE Corporation
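
The check behind the reply above, as an added example (not part of the original thread and not a Snort tool): a small audit that classifies the lines of a snort.conf and reports whether any rule source is active. The function name and report keys are hypothetical; the rule actions listed are those of Snort 1.x, and FIXED_CONF is constructed from the posted config.

```python
import re

# Snort 1.x rule actions: a line starting with one of these is a detection rule.
RULE_ACTIONS = ("alert", "log", "pass", "activate", "dynamic")

def audit_snort_conf(text):
    """Classify snort.conf lines and report whether any rule source is active."""
    report = {"rules": 0, "includes": [], "commented_includes": [],
              "preprocessors": [], "outputs": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A commented-out include is the misconfiguration discussed in the thread.
        m = re.match(r"#\s*include\s+(\S+)", line)
        if m:
            report["commented_includes"].append(m.group(1))
            continue
        if line.startswith("#"):
            continue
        parts = line.split(None, 2)
        keyword = parts[0]
        if keyword in RULE_ACTIONS:
            report["rules"] += 1
        elif keyword == "include" and len(parts) > 1:
            report["includes"].append(parts[1])
        elif keyword in ("preprocessor", "output") and len(parts) > 1:
            report[keyword + "s"].append(parts[1].rstrip(":"))
    # Assumption: an active include points at a file that contains rules;
    # this audit does not open included files.
    report["has_rule_source"] = bool(report["rules"] or report["includes"])
    return report

# The configuration as posted in the quoted message.
POSTED_CONF = """\
var INTERNAL 192.168.1.0/24
var EXTERNAL !$INTERNAL
var DNS_SERVERS 192.168.1.5/24
preprocessor http_decode: 80 8080
preprocessor minfrag: 128
preprocessor portscan: 1.1.1.1/2 5 3 portscan.log
preprocessor portscan-ignorehosts: 192.168.1.0/24
#include /usr/security/snort/etc/snort-vision.conf
output alert_full: alert
"""
# Constructed: the same file with the include uncommented, as the reply advises.
FIXED_CONF = POSTED_CONF.replace("#include", "include")

if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_snort_conf(conf))
```
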