Snort mailing list archives

RE: snort local.rules help


From: "Franki" <frankieh () vianet net au>
Date: Thu, 4 Oct 2001 22:11:54 +0800

Yeah, I did that too with logcheck, and now it nightly emails me 5 MB lists
of deny rules...

it used to be ok when there was only a thousand lines or so, but this is
ridiculous...


rgds

Frank

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of John Sage
Sent: Thursday, 4 October 2001 9:57 PM
To: Brent
Cc: 'snort-users'
Subject: Re: [Snort-users] snort local.rules help


Brent:

Of ACID, I know not..

It's a GUI-based front end for analysis, but snort is very happy without it.

I don't use ACID at all (heh.. haven't for 25 years.. oops.. hmm.)

Depending on your command line, and the settings in snort.conf, snort
will log wherever you tell it to..

Logcheck (the logcheck from Abacus/Psionic, anyway..) just watches what
gets put out by syslog and acts according to what it's been told to
monitor, and how it's been told to respond.

I use logcheck to email my firewall DENYs and snort alerts to several
other boxes on my network.

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


Brent wrote:

OK, I got it running by editing the local.rules file to reflect my
network....anywho ...is ACID the GUI for snort ??
or does snort just report to syslog ??  or logcheck ?? or what ??

Brent
----- Original Message -----
From: "Brent" <misterb () cybertours com>
To: "John Sage" <jsage () finchhaven com>
Cc: "'snort-users'" <snort-users () lists sourceforge net>
Sent: Tuesday, October 02, 2001 12:27 PM
Subject: Re: [Snort-users] snort local.rules help



ok ...but doesn't this defeat the purpose of having a local.rules file....I
know that it's a set of rules for the local network...but how should I
configure it ??  is there a reference to go by ??  besides the
local.rules.sample that comes with the port
thank you for your replies
Brent
----- Original Message -----
From: "John Sage" <jsage () finchhaven com>
To: "Brent" <misterb () cybertours com>
Cc: "'snort-users'" <snort-users () lists sourceforge net>
Sent: Monday, October 01, 2001 11:16 AM
Subject: Re: [Snort-users] snort local.rules help



Brent:

Try commenting the offending line in snort.conf out, thusly:

# include local.rules


- John






_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

