Snort mailing list archives
Re: snort local.rules help
From: "Brent" <misterb () cybertours com>
Date: Tue, 2 Oct 2001 14:17:34 -0400
OK i got it running by editing the local.rules file to reflect my network....anywho ...is ACID the GUI for snort ?? or does snort just report to syslog ??? or logcheck ?? or what ?? Brent ----- Original Message ----- From: "Brent" <misterb () cybertours com> To: "John Sage" <jsage () finchhaven com> Cc: "'snort-users'" <snort-users () lists sourceforge net> Sent: Tuesday, October 02, 2001 12:27 PM Subject: Re: [Snort-users] snort local.rules help
ok ...but doesnt this defeat the purpose of haveing a local.rules
file....i
know that its a set of rules for the local network...but how should configure it ?? is there a referrence to go by ?? besides the local.rules.sample that comes with the port thank you for your replies Brent ----- Original Message ----- From: "John Sage" <jsage () finchhaven com> To: "Brent" <misterb () cybertours com> Cc: "'snort-users'" <snort-users () lists sourceforge net> Sent: Monday, October 01, 2001 11:16 AM Subject: Re: [Snort-users] snort local.rules helpBrent: Try commenting the offending line in snort.conf out, thusly: # include local.rules - John -- John Sage FinchHaven, Vashon Island, WA, USA http://www.finchhaven.com/ mailto:jsage () finchhaven com "The web is so, like, five minutes ago..." Brent wrote:Im trying to run snort on my FBSD 4.3 box ...when i start it doing: /usr/local/bin/snort -d -h 192.168.0.0/24 -l /var/log/snort.log -c /usr/local/etc/snort.conf & from /etc/rc.conf i get it cant initialize because it cant find local.rules.... however the local.rules is in the the default directory for snort but its empty there is A local.rules.sample but im not sure how to apply it to
my
situation.. any help is greatly appreciated Brent_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort local.rules help Brent (Oct 01)
- Re: snort local.rules help John Sage (Oct 01)
- rpc.statd niko (Oct 01)
- Re: snort local.rules help Brent (Oct 02)
- Re: snort local.rules help Brent (Oct 02)
- Re: snort local.rules help John Sage (Oct 04)
- RE: snort local.rules help Franki (Oct 04)
- Re: snort local.rules help Skip Carter (Oct 04)
- Re: snort local.rules help John Sage (Oct 01)