Re: Generating alert when reading tcpdump file

[John Sage <jsage () finchhaven com>]

On Thu, Jul 04, 2002 at 02:52:54PM -0400, xun wang wrote:
> Yes, I believe I configured the snort.conf file correctly. All the rules 
> downloaded from snort.org are included in the snort.conf file and HOME_NET 
> was set. I used the command line switch -h speicfying the home_net as well.
>
> Where did I do wrong?

Personally, this is yet another lesson in why it's likely to be a
waste of time trying to diagnose problems for people who do not post,
from the very beginning:

1) OS

2) snort version

3) full text of the command line used to invoke snort

4) full text of snort.conf


Without these, it's like you've gone into an auto dealership and said
"My car is making a funny noise."


What I've been trying to do is to infer what you're doing, from
generalities like "..I believe I configured the snort.conf
correctly..."

What does that mean? Did you, or didn't you?

When you offer only that vague sort of information, no one has any
real solid inforation to work from...


- John
-- 
"You are in a little maze of twisty passages, all different."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Caffeinated soap. No kidding.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users