Snort mailing list archives
Rule classifications
From: "Scott Elgram" <SElgram () VerifPoint com>
Date: Wed, 29 Jul 2009 12:02:44 -0700
Hello,

I have written some custom rules to help me learn more about Snort. These rules are very generic and I have been noticing that my rules all get marked as "unclassified". I thought that it was because I did not have a classtype defined in the rule or in classification.config. I have since added the following info to my rules and the classification.config file:

----------------myrules.rules-----------------
alert tcp 192.168.0.103 any -> any any (sid:1000300; msg:"Logged TCP Traffic"; classtype:logged-tcp;)
---------------------------------------------------

----------------classification.config-----------------
config classification: logged-tcp,TCP Traffic from my computer,10
----------------------------------------------------------

However, alerts generated from myrules.rules are still showing up as "unclassified". What am I missing?

Thanks,
-Scott