Snort mailing list archives

packet logging


From: cc <cc () belfordhk com>
Date: Wed, 23 Jul 2003 15:07:32 +0800

Hi,

I'm new to snort and am finding it to be quite a
difficult app to understand.

I do have a basic setup done and just upgraded
to 2.0.1.  I have it logging to a log directory.


I'm just testing snort right now and was wondering if someone
could tell me if the following rule is wrong:

alert tcp any any -> $LAN any ( content: "GET /banner/"; \
                                msg: "banner test";)

It's in the myrules.rules file and is included in the
snort.conf file.

If a user from a workstation goes to a website and the
website sends a banner, shouldn't there be a log?

Thanks


-- 
email: cc () belfordhk com  | "A man who knows not where he goes,
                         |  knows not when he arrives."
                         |                - Anon


