Snort mailing list archives
Re: Rules
From: k vijay sai prashanth <vijaysaiprashanth () gmail com>
Date: Tue, 27 Nov 2012 03:11:54 +0530
Also, what's the concept of blacklist and whitelist rules? Are the rules in the blacklist.rules file rules that don't trigger events?

On Tue, Nov 27, 2012 at 2:38 AM, k vijay sai prashanth <vijaysaiprashanth () gmail com> wrote:

Also in all the rules files I see a majority of rules commented. Should I leave them commented or uncomment them, or did the VRT team comment these because they wanted the users to uncomment them as per their need? What's the deal here?

Regards,
Prashanth

On Tue, Nov 27, 2012 at 2:37 AM, k vijay sai prashanth <vijaysaiprashanth () gmail com> wrote:

Hello All,

I see that only my test rule is triggering events.

#alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001;)

All the paths in snort.conf are correct. I see that my blacklist.rules is a very long file with lots of rules. Is this causing the problem? Why is the test rule the only rule that is triggering events?