Snort mailing list archives
ruletype directive doesn't work: why?
From: Anton Chuvakin <anton () chuvakin org>
Date: Tue, 7 May 2002 09:41:42 -0400 (EDT)
Hello,

Usually, it's pretty annoying when people post an obscure chunk of the config file and ask 'why doesn't it work?', right? But sometimes, it seems to be the only way to overcome some major obstacle. Like this, for example:

---------
#custom rule to only DB incoming!
ruletype incoming { type log output output database: log, mysql, user=snort dbname=snort_db host=localhost }
incoming ip any any -> 1.2.3.0/24 any (msg: "Snort incoming";)
----------

does nothing!!

Context:
Linux 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
snort-1.8.6, built with mysql support (LOGS to mysql just fine if 'output database:...' is present in config file, BUT not in ruletype).

Any ideas? The purpose of the above is to only log incoming packets coming to the network, but not outgoing.

Thanks a lot for ANY hints!

Best,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org