Snort mailing list archives
RE: MySql-Acid logging
From: Elvira_Byrnes () mobileinnovations com au
Date: Wed, 23 Apr 2003 13:14:49 +1000
Hi there,

I followed your instructions, Michael. I still don't have any reports. What else can I check?

Thanks a lot.
Elvira

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Saturday, 19 April 2003 6:36 AM
To: 'Cilin'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] MySql-Acid logging

Cilin,

Drop these into your local.rules. It will trigger on everything. I wouldn't leave them on for too long as they will fill the database up very quickly. Be sure to restart Snort after you add them. To disable them, place a hash mark in front of them and be sure to restart Snort.

alert ip any any -> any any (msg:"Got an IP packet";)
alert tcp any any -> any any (msg:"Got an TCP packet";)
alert udp any any -> any any (msg:"Got an UDP packet";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)

BTW, I posted this exact same reply yesterday.

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense - The Cyber-War Defense Company
Website: http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Cilin
Sent: Friday, April 18, 2003 12:57 PM
To: snort-users () lists sourceforge net

Hi guys,

I just set up Snort as a service and all the juicy programs along with it. When I open the acid_main.php I have no evidence of any intrusion (everything is 0). Do you guys know a program or a way I can generate an alert so I can test to see if my configuration works? Also, would a port scan be considered an alert? I tried scanning from a home network but no alerts were detected. I am blaming this on the network switch rather than the alert problem.

Thanks for any input in advance,

=====
"Knowing others is wisdom, knowing yourself is Enlightenment."
-Lao Tzu

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- MySql-Acid logging Cilin (Apr 18)
- Re: MySql-Acid logging Rolf Brusletto (Apr 18)
- RE: MySql-Acid logging Michael Steele (Apr 18)
- Re: MySql-Acid logging Shawn Duffy (Apr 18)
- <Possible follow-ups>
- RE: MySql-Acid logging Elvira_Byrnes (Apr 22)