Snort mailing list archives
Policy-Based monitoring
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Wed, 13 Oct 2004 08:47:28 -0400
Hi there --

I got Snort to operate successfully and alerts are appearing on the ACID console. My next step is to refine the monitoring, and to that end the approach that I was planning on taking was using a policy-based.rules file. I will be modifying the snort.conf file to include the line: include $RULE_PATH/policy-based.rules.

The questions I have are: does the position of the new line matter? Should I put the new line at the beginning of the include statements or after them? Also, besides adding the line, is there anything else that I need to do to Snort, or is simply adding the above line sufficient?

Thanks.