Snort mailing list archives
Simple Snort Rule Help
From: "Pennell, Ronald B." <rpennell () ida org>
Date: Wed, 11 May 2005 14:19:26 -0400
Help, please. I'm trying to capture an alert for each email message that is going outbound for my organization. I've tried the following rule and my Snort Admin had it tagged to the bad_unknown class. When I check the ACID viewer it never gets logged.

Do I need to create a special class for this and try to separate it from the bad_unknown class? Can we set up special classes? If so, how would I do that? Or, is the below statement not going to work?

    Alert tcp $SMTP_NET any --> any 25 (msg:"outgoing SMTP";)

rpennell () ida org
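An added example, not part of the original post or of Snort itself: a small pre-deployment lint for the two things the message asks about, the rule header's direction operator (Snort rule headers accept `->` and `<>`) and whether a rule's classtype is declared by a `config classification:` line. The `outbound-mail` class, the sid value and the sample classification.config text are constructed for illustration.

```python
import re

# Direction operators accepted in a Snort rule header.
DIRECTIONS = {"->", "<>"}

# Constructed sample classification.config; "outbound-mail" is a hypothetical
# custom class added for this example. Format: short name, description, priority.
SAMPLE_CLASSIFICATION_CONFIG = """\
config classification: bad-unknown,Potentially Bad Traffic,2
config classification: outbound-mail,Outbound SMTP Session,4
"""

# action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


def load_classtypes(config_text):
    """Return the short names declared by 'config classification:' lines."""
    names = set()
    for line in config_text.splitlines():
        m = re.match(r"\s*config\s+classification:\s*([^,]+),", line)
        if m:
            names.add(m.group(1).strip())
    return names


def lint_rule(rule, classtypes):
    """Return a list of problems found in one single-line rule."""
    m = HEADER_RE.match(rule)
    if not m:
        return ["rule is not 'action proto src sport dir dst dport (options)'"]
    direction, options = m.group(5), m.group(8)
    problems = []
    if direction not in DIRECTIONS:
        problems.append(f"direction operator {direction!r} is not one of "
                        f"{sorted(DIRECTIONS)}")
    ct = re.search(r"classtype\s*:\s*([^;]+);", options)
    if ct and ct.group(1).strip() not in classtypes:
        problems.append(f"classtype {ct.group(1).strip()!r} is not declared "
                        "in classification.config")
    return problems


if __name__ == "__main__":
    known = load_classtypes(SAMPLE_CLASSIFICATION_CONFIG)
    posted = 'Alert tcp $SMTP_NET any --> any 25 (msg:"outgoing SMTP";)'
    for problem in lint_rule(posted, known):
        print(problem)
```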
Current thread:
- Simple Snort Rule Help Pennell, Ronald B. (May 11)
- Re: Simple Snort Rule Help Matt Kettler (May 11)