Snort mailing list archives

Rule classifications


From: "Scott Elgram" <SElgram () VerifPoint com>
Date: Wed, 29 Jul 2009 12:02:44 -0700

Hello,

I have written some custom rules to help me learn more about
snort.  These rules are very generic and I have been noticing that my rules
all get marked as "unclassified".  I thought that it was because I did not
have a classtype defined in the rule or in classification.config.  I have
since added the following info to my rules and the classification.config
file:

 

----------------myrules.rules-----------------

alert tcp 192.168.0.103 any -> any any (sid:1000300; msg:"Logged TCP Traffic"; classtype:logged-tcp;)

---------------------------------------------------

 

----------------classification.config-----------------

config classification: logged-tcp,TCP Traffic from my computer,10

----------------------------------------------------------

 

However, alerts generated from myrules.rules are still showing up as
"unclassified".  What am I missing?

 

Thanks,

-Scott
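
A cross-check of the two files quoted in the message, as an added example that is not part of the original post: it parses `config classification:` lines and reports rules whose `classtype` is absent or names a class the config does not define. The sample text is constructed (only the first rule and the config line come from the post), and the function names are hypothetical; the rule and classification line as posted pass this check, which covers name matching only.

```python
import re

# Constructed sample inputs: the config line and the first rule mirror the post;
# the other two rules are invented here to show the failure cases.
SAMPLE_CLASSIFICATION = """\
# config classification: shortname,description,priority
config classification: logged-tcp,TCP Traffic from my computer,10
"""

SAMPLE_RULES = """\
alert tcp 192.168.0.103 any -> any any (sid:1000300; msg:"Logged TCP Traffic"; classtype:logged-tcp;)
alert tcp 192.168.0.103 any -> any any (sid:1000301; msg:"No classtype";)
alert tcp 192.168.0.103 any -> any any (sid:1000302; msg:"Typo"; classtype:loged-tcp;)
"""

# Anchored at line start so commented-out definitions are ignored.
CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]*),\s*(\d+)\s*$")
# Simplified option matcher: does not handle escaped ';' inside option values.
OPT_RE = re.compile(r"\b(sid|classtype)\s*:\s*([^;]+);")

def parse_classifications(text):
    """Return {shortname: (description, priority)} from classification.config text."""
    classes = {}
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            classes[m.group(1).strip()] = (m.group(2).strip(), int(m.group(3)))
    return classes

def check_rules(rules_text, classes):
    """Return [(sid, problem)] for rules with a missing or undefined classtype."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = {key: value.strip() for key, value in OPT_RE.findall(line)}
        sid = opts.get("sid", "?")
        classtype = opts.get("classtype")
        if classtype is None:
            findings.append((sid, "no classtype option"))
        elif classtype not in classes:
            findings.append((sid, f"classtype '{classtype}' not defined"))
    return findings

if __name__ == "__main__":
    defined = parse_classifications(SAMPLE_CLASSIFICATION)
    for sid, problem in check_rules(SAMPLE_RULES, defined):
        print(f"sid {sid}: {problem}")
```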

 
