Snort mailing list archives

Barebones Snort Install


From: Thomas Hyslip <thomas.hyslip () gmail com>
Date: Fri, 3 Jan 2014 19:30:30 -0500

Long story short, I want to install Snort with no rules or pre-processors.
 Basically, I want to run Snort and write a few small rules myself to test
a theory, and I don't want any other alerts going off.

I installed Snort, barnyard2, etc. and everything is working fine, but I
can't get rid of a few pre-processor alerts. I have '#'-ed out all the lines
in snort.conf for rules and pre-processors but can't get rid of certain
alerts (http inspect: long header; stream5, tcp small segment threshold).

The other strange issue, I wrote a small rule just to test Snort for tcp
traffic to any external on port 80 and it worked. But I have deleted the
rule and restarted, and I am still getting alerts for the rule.

I would love to fix this install, but if not possible, any advice on a
fresh install with no signatures or rules in place would be very much
appreciated.

Thanks
Tom