Snort mailing list archives

RE: ACID


From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 12 Feb 2004 17:58:54 -0800

Create a file called test.rules and insert the 3 rules below in that file
and save it to your /rules folder. Now in your snort.conf add a new include
line at the bottom for "test.rules". Now restart Snort and generate some
browser traffic and you should see all kinds of alerts in ACID being
generated.

Be sure to hash (#) out the new include line after the test is successful or
you will fill your database up. Be sure to restart Snort after you hash the
line out.

Test Rules: 

alert tcp any any -> any any (msg:"Alert: Got a TCP Packet";) 
alert udp any any -> any any (msg:"Alert: Got a UDP Packet";) 
alert icmp any any -> any any (msg:"Alert: Got a ICMP Packet";) 


Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: Oliver [mailto:quemit () yahoo com]
Sent: Monday, February 09, 2004 4:58 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID


Installed ACID on Linux9. It looks as if my Snort is functioning properly.
My ACID web view is not displaying any events happening. I've performed a
couple of scans inside my network, still nothing is showing up on ACID.
I've checked my snort.conf, it looks correct to me. Oh, by the way I'm new
at this.
Any suggestion?
Thx




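The test procedure from the reply above, as an added shell example that is not part of the original thread: it writes the three test rules, adds the include line at the bottom of snort.conf, and hashes it out again afterwards. The function names are made up for this example, the include line assumes snort.conf defines RULE_PATH as the stock file does, and file locations are passed in by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes snort.conf defines RULE_PATH (as the stock file does).
INCLUDE_LINE='include $RULE_PATH/test.rules'

# Write the three catch-all test rules from the reply into <rules_dir>.
write_test_rules() {
    cat > "$1/test.rules" <<'EOF'
alert tcp any any -> any any (msg:"Alert: Got a TCP Packet";)
alert udp any any -> any any (msg:"Alert: Got a UDP Packet";)
alert icmp any any -> any any (msg:"Alert: Got a ICMP Packet";)
EOF
}

# Print on / off (hashed out) / absent for the include line in <conf>.
test_rules_state() {
    if grep -qxF "$INCLUDE_LINE" "$1"; then echo on
    elif grep -qxF "#$INCLUDE_LINE" "$1"; then echo off
    else echo absent
    fi
}

# Run a sed expression over <conf>, keeping the file's owner and mode.
rewrite_conf() {
    sed "$2" "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# Enable: un-hash an existing line or append one at the bottom. Idempotent.
enable_test_rules() {
    case "$(test_rules_state "$1")" in
        on) ;;
        off) rewrite_conf "$1" 's|^#\(include \$RULE_PATH/test\.rules\)$|\1|' ;;
        absent)
            # Guard against a conf file that lacks a final newline.
            if [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
            printf '%s\n' "$INCLUDE_LINE" >> "$1" ;;
    esac
}

# Disable: hash (#) the line out so the alert database stops filling.
disable_test_rules() {
    if [ "$(test_rules_state "$1")" = on ]; then
        rewrite_conf "$1" 's|^include \$RULE_PATH/test\.rules$|#&|'
    fi
}
```

Snort only reads snort.conf at startup, so restart it after each enable or disable call, as the reply says.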