Snort mailing list archives

RE: snort woes (update)


From: "John Berkers" <berjo () ozemail com au>
Date: Sun, 12 Aug 2001 11:54:54 +1000

Jim,

I noticed in an earlier message that you put the tcp any any -> any any rule
into your virus.rules.  This include file is commented out by default; make
sure that the # in front of it is removed and see how you go.

Hope your hair grows back when the problems are sorted. :)

Regards,
John Berkers
berjo () ozemail com au


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Jim Starke
Sent: Sunday, 12 August 2001 10:30
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort woes (update)


It appears that I have snort logging to mysql now but it appears to be
only logging icmp packets. It is not logging tcp or udp traffic.

When I exit snort I can see that it sees the tcp and udp packets.

Even with the following rule in place, it is not logging tcp traffic. :-(

alert tcp any any -> any any (msg:"TCP traffic";)

Has anyone run into this problem before?

[snip]

Anyone know of a good brand of wax for a bald head? I think I've pulled
all of my hair out now. lol!

--
Quidquid latine dictum sit, altum viditur.
http://www.jcsmall.com/homepage


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
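
An added example, not part of the original thread: a small Python check for the situation described in the reply above, where a rule sits in a file whose include line in snort.conf is still commented out and so never loads. The sample config text and every file name other than virus.rules are constructed for illustration, and rule files are passed in as a dict instead of being read from disk.

```python
import re

# An include directive for a .rules file, optionally commented out with '#'.
# Restricting to *.rules avoids matching ordinary prose comments.
INCLUDE_RE = re.compile(r'^\s*(?P<hash>#+)?\s*include\s+(?P<path>\S+\.rules)\s*$')
# Lines that start with a Snort rule action.
RULE_RE = re.compile(r'^\s*(alert|log|pass)\s')

def audit_includes(conf_text):
    """Return (active, disabled) lists of rule files named by include lines."""
    active, disabled = [], []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m:
            (disabled if m.group('hash') else active).append(m.group('path'))
    return active, disabled

def rules_in_disabled_files(conf_text, rule_files):
    """Map each commented-out include to the rules it would have loaded.

    rule_files is {file name: file text}, an assumption that stands in for
    reading the rule files from the Snort rules directory.
    """
    _, disabled = audit_includes(conf_text)
    findings = {}
    for path in disabled:
        name = path.rsplit('/', 1)[-1]          # drop any directory or variable prefix
        text = rule_files.get(name, '')
        rules = [ln.strip() for ln in text.splitlines() if RULE_RE.match(ln)]
        if rules:
            findings[name] = rules
    return findings

# Constructed sample input (not a real snort.conf).
SAMPLE_CONF = """\
# constructed sample configuration
include icmp.rules
# include virus.rules
#include local.rules
"""
SAMPLE_RULES = {
    "icmp.rules": 'alert icmp any any -> any any (msg:"ICMP traffic";)\n',
    "virus.rules": 'alert tcp any any -> any any (msg:"TCP traffic";)\n',
}

if __name__ == "__main__":
    for name, rules in rules_in_disabled_files(SAMPLE_CONF, SAMPLE_RULES).items():
        print(f"{name}: include is commented out; {len(rules)} rule(s) never load")
```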

