Snort mailing list archives
RE: Problems with Policy-Based Rules file
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Thu, 4 Nov 2004 08:46:43 -0500
Hi Alex -- I ran the ps -ef |grep snort command syntax and it does appear the snort binary is running with the -o option.

-----Original Message-----
From: Alex Butcher, ISC/ISYS [mailto:Alex.Butcher () bristol ac uk]
Sent: Thursday, November 04, 2004 4:02 AM
To: Kaplan, Andrew H.; Snort User Group (E-mail)
Subject: Re: [Snort-users] Problems with Policy-Based Rules file

--On 03 November 2004 14:16 -0500 "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG> wrote:
1. Two servers with the addresses of 192.168.2.2 and 192.168.2.3 are sending requests via port 1985 to the 226.0.0.2:1985 multicast address via UDP. I added a section to the file that calls for a pass of said traffic from both servers via TCP and UDP. Even though I added it to the file, I am still getting a large amount of alerts from both machines.
[snip]
The version of Snort that is being run is version 2.1.3, and the syntax used to run the program is /usr/sbin/snort -o -u snort -g snort -d -D -c /etc/snort/snort.conf -i eth0
That would appear to indicate that the '-o' ("pass first") option isn't working. Use ps to verify that Snort is *really* running with the -o option.

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9  GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
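The rule-type ordering that the '-o' ("pass first") option changes, as an added example that is not part of the original thread and not Snort's own code: a simplified Python model in which the first rule type with a matching rule decides the outcome. The addresses and port come from the thread; the alert rule, the header-only rule syntax and all function names are constructed for illustration.

```python
# Simplified model of Snort 2.x rule-type ordering (added example, not Snort code).
from ipaddress import ip_address, ip_network

DEFAULT_ORDER = ("alert", "pass", "log")      # evaluation order without -o
PASS_FIRST_ORDER = ("pass", "alert", "log")   # evaluation order with -o

def parse_rule(text):
    """Parse 'action proto src sport -> dst dport' (rule header only, no options)."""
    action, proto, src, sport, arrow, dst, dport = text.split()
    if arrow != "->":
        raise ValueError("only unidirectional '->' rules are modelled")
    return dict(action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport)

def _addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(rule, pkt):
    return (rule["proto"] == pkt["proto"]
            and _addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
            and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"]))

def verdict(rules, pkt, pass_first):
    """Return the first rule type, in evaluation order, that has a matching rule."""
    order = PASS_FIRST_ORDER if pass_first else DEFAULT_ORDER
    for action in order:
        if any(r["action"] == action and matches(r, pkt) for r in rules):
            return action
    return "none"

# Constructed rule set: the alert rule stands in for whichever rule is firing.
RULES = [parse_rule(r) for r in (
    "alert udp any any -> any 1985",
    "pass udp 192.168.2.2 any -> 226.0.0.2 1985",
    "pass udp 192.168.2.3 any -> 226.0.0.2 1985",
)]

def packet(src):
    """Constructed packet matching the traffic described in the thread."""
    return dict(proto="udp", src=src, sport=1985, dst="226.0.0.2", dport=1985)

if __name__ == "__main__":
    for src in ("192.168.2.2", "192.168.2.3", "192.168.2.9"):
        print(src, verdict(RULES, packet(src), False), verdict(RULES, packet(src), True))
```

In this model a pass rule only suppresses the alert when pass rules are evaluated first, and a host not covered by a pass rule still alerts in either order.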