Rule set for specific service...!!

[kamesh_rajaram () sify com]

Snort & Demarc :
==============
They monitor a web server & a database server. What kind of rules should be used to make it work effectively, by not 
giving unwanted/irrelevant alerts. The standard rule set has all kinds of alerts. I want it to be only for the above 
mentioned services. For example: TFTP rules need not bother my NIDS. It will be waste of time and a overhead for my 
monitor. I just need an optimized rule set for my purpose. Is there anything available like that...?? Tell me a 
normal/standard solution, if any, to this. Or how do i do it..??

Bye,
Kamesh.
-------------------------------------------------
This mail helped a tree grow. Know more at http://green.sify.com

Take the shortest route to success! 
Click here to know how http://education.sify.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users