Snort mailing list archives

Previous By Date Next
Previous By Thread Next

rules not being matched...

From: "Christensen Tom" <paveraware () hotmail com>
Date: Sun, 09 Jan 2005 02:51:03 +0000
I have a couple of quick questions, I am trying to deploy snort for a small office and the owners would like to be notified if their employees are browsing porn as they have had problems with this in the past. I tried enabling the porn.rules line that is commented out by default in the snort.conf file and restarted snort afterwards, however browsing porn does not generate any alerts. Other alerts are happening, so I know that my snort install is working properly. My question is where are the rules in this file looking for the strings? In the actual http content or in headers, urls, etc? 

Tom




-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: