Snort mailing list archives

Re: Nimda specific logging


From: Subba Rao <subba9 () home com>
Date: Thu, 11 Oct 2001 14:16:02 -0400

On  0, "Andrew R. Baker" <andrewb0x29a () yahoo com> wrote:

--- Subba Rao <subba9 () home com> wrote:


order: nimda activation dynamic alert log pass

I have added the above line to my snort.conf (now test.conf) and restarted
Snort. The "current" file (Snort startup messages) shows that Snort cannot
understand the "order" ruletype. The message is as follows:

ERROR line etc/test.conf (421) => Unknown rule type: order:


my fault, that should be

config order: nimda activation dynamic alert log pass


Thank you for replying. The above line did work.

The defined ruletype nimda still does not create the file "nimda.log".

ETC/SNORT.CONF

ruletype nimda
{
 type alert
 output alert_fast: nimda.log
}

The ETC/NIMDA.RULES file contains:

nimda tcp $EXTERNAL_NET andy -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE \
/_vti_bin/access";flags: A+; uricontent:"/_vti_bin/"; nocase; \
classtype:bad-unknown; sid:1288; rev:1;)
.
.

Why is the nimda.log file not being created?

-- 

Subba Rao
subba9 () home com                     http://members.home.net/subba9/
OpenPGP/GPG public key ID CCB7344E

 => Time is relative. Here is a new way to look at time. <=
http://www.smcinnovations.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
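
Added example (not part of the original message and not Snort project code): a small Python lint that cross-checks the pieces this thread touches, namely the `config order:` line, the `ruletype` block and the rules that use the custom action. The function name, the finding texts and the sample input are constructed for illustration; the check that a custom type should appear in the order list is an assumption of this sketch.

```python
import re

BUILTIN = {"alert", "log", "pass", "activate", "dynamic"}  # stock rule actions

def lint(conf_text, rules_text):
    """Return findings about how a custom ruletype is wired up."""
    conf = conf_text.replace("\\\n", " ")    # join backslash-continued lines
    rules = rules_text.replace("\\\n", " ")
    findings, order = [], None
    # ruletype NAME { ... }  ->  {NAME: body}
    declared = {m.group(1): m.group(2) for m in
                re.finditer(r"^[ \t]*ruletype\s+(\w+)\s*\{(.*?)\}", conf, re.S | re.M)}
    for line in conf.splitlines():
        s = line.strip()
        if s.startswith("order:"):
            findings.append("bare 'order:' line, expected 'config order:'")
        m = re.match(r"config\s+order:\s*(.*)", s)
        if m:
            order = m.group(1).split()
    for name, body in declared.items():
        if not re.search(r"^\s*output\s+\w+", body, re.M):
            findings.append(f"ruletype {name} has no output line")
        # Assumption of this sketch: a custom type should be named in the order list.
        if order is not None and name not in order:
            findings.append(f"ruletype {name} not listed in config order")
    used = set()
    for line in rules.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        action = s.split()[0]
        used.add(action)
        if action not in BUILTIN and action not in declared:
            findings.append(f"rule action '{action}' is not a declared ruletype")
    for name in declared:
        if name not in used:
            findings.append(f"ruletype {name} declared but no loaded rule uses it")
    return findings

# Constructed sample input modelled on the thread (not the poster's real files).
CONF = """config order: nimda activation dynamic alert log pass
ruletype nimda
{
 type alert
 output alert_fast: nimda.log
}
"""
RULES = r"""nimda tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"constructed sample"; \
uricontent:"/_vti_bin/"; nocase; sid:1288; rev:1;)
"""

if __name__ == "__main__":
    print(lint(CONF, RULES) or "no findings")
```

Pass the text of the main configuration file and of every rules file it actually includes; a custom ruletype that no loaded rule uses shows up as a finding.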

