Snort mailing list archives

Should I assume it has been safe?

From: Subba Rao <subba9 () home com>
Date: Tue, 15 May 2001 18:02:13 +0000

I have been logging the tcpdump logs for a couple of months now. Now that I am
running snort (once again) under daemontools, the snort logs are pretty quite.
So I ran snort against the tcpdump logs. The snort configuration was the 
default configuration + MaxVision's ruleset. Snort completed processing the
files normally with no screen output (except the summary statistics).

Should I assume that everything is fine or should I allow my paranoia feed
itself and look for something else in the logs? When should I say I have
dissected the log files inside out? Should that be after the rule set
combination that I am using?

Thanks for any input. 
-- 

Subba Rao
subba9 () home com
http://members.home.net/subba9/

GPG public key ID 27FC9217

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Should I assume it has been safe? Subba Rao (May 15)