Snort mailing list archives

Re: Generating alert when reading tcpdump file


From: "xun wang" <xuntwang () hotmail com>
Date: Thu, 04 Jul 2002 14:52:54 -0400

Yes, I believe I configured the snort.conf file correctly. All the rules downloaded from snort.org are included in the snort.conf file and HOME_NET was set. I used the command line switch -h specifying the home_net as well.

Where did I go wrong?


From: John Sage <jsage () finchhaven com>
To: xun wang <xuntwang () hotmail com>
CC: andrewb () snort org, snort-users () lists sourceforge net
Subject: Re: [Snort-users] Generating alert when reading tcpdump file
Date: Thu, 4 Jul 2002 11:05:22 -0700

On Thu, Jul 04, 2002 at 09:29:59AM -0400, xun wang wrote:
> Thanks for your prompt response.
> Actually I realized that I should specify the rules for snort to be able to
> trigger alert. But when I tried the "-c /path/snort.conf", I won't get
> anything except an empty alert file. When I removed this switch from my
> command, at least I could get lots of directory named with source IP
> addresses in the /var/log/snort directory.
>
> I didn't specify to write the alert to syslog, but I check the syslog as
> well and didn't find any alert.
>
> What is your thought?

Have you bothered to configure snort.conf correctly?

It's not enough to just point to it via the command line, it's
necessary to go through snort.conf and edit it to have it do what you
want.


Just a thought...


- John
--
"You are in a little maze of twisty passages, all different."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Caffeinated soap. No kidding.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





