Snort mailing list archives
Re: Problem with rule
From: Nick Moore <nmoore () sourcefire com>
Date: Mon, 23 Nov 2009 06:06:51 -0600
Sofia,Can you send the Snort-users list a snip of the /var/log/snort/alert file so we can see which alerts are firing and attach a copy of your snort.conf? Others may know what is causing you trouble with the information given, but I need a little more help.
Also, if you could print the icmpv6 rule and send a pcap of the traffic you were expecting to alert, that would help me as well.
Thanks, Sent from my mobile device. Nick Moore Phone 708-336-9041 Email nmoore () Sourcefire com On Nov 23, 2009, at 3:36, sofia insat <sofia.insat () yahoo fr> wrote:
Hi everyone, I have defined a rule to alert an icmpv6 trafficbut when I display /var/log/snort/alert I didn't find this alert and I found other alert whereas I have one path rule in snort.config (include $RULE_PATH/icmpv6.rules)Do you have any idea to resolve my problem??--- --- --- --------------------------------------------------------------------- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus onwhat you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with rule sofia insat (Nov 23)
- Re: Problem with rule Nick Moore (Nov 23)