Snort mailing list archives
packet logging
From: cc <cc () belfordhk com>
Date: Wed, 23 Jul 2003 15:07:32 +0800
Hi, I'm new to snort and am finding it to be quite a difficult app to understand. I do have a basic setup done and just upgraded to 2.0.1. I have it logging to a log directory. I'm just testing snort right now and was wondering if someone could tell me if the following rule is wrong: alert tcp any any -> $LAN any ( content: "GET /banner/"; \ msg: "banner test";) It's in the myrules.rules file and is included in the snort.conf file. If a user from a workstation goes to a website and the website sends a banner, shouldn't there be a log? Thanks -- email: cc () belfordhk com | "A man who knows not where he goes, | knows not when he arrives." | - Anon ** All information contained in this email is strictly ** ** confidential and may be used by the intended receipient ** ** only. **
Current thread:
- packet logging cc (Jul 23)
- Re: packet logging Matt Kettler (Jul 23)