Snort mailing list archives
RE: MySql-Acid logging
From: "Michael Steele" <michaels () silicondefense com>
Date: Fri, 18 Apr 2003 13:35:52 -0700
Cilin,

Drop these into your local.rules. It will trigger on everything. I wouldn't leave them on for too long as they will fill the database up very quickly. Be sure to restart Snort after you add them. To disable them, place a hash mark in front of them and be sure to restart Snort.

alert ip any any -> any any (msg:"Got an IP packet";)
alert tcp any any -> any any (msg:"Got an TCP packet";)
alert udp any any -> any any (msg:"Got an UDP packet";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)

BTW, I posted this exact same reply yesterday.

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense - The Cyber-War Defense Company
Website: http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Cilin
Sent: Friday, April 18, 2003 12:57 PM
To: snort-users () lists sourceforge net

Hi guys,

I just set up Snort as a service and all the juicy programs along with it. When I open the acid_main.php I have no evidence of any intrusion (everything is 0). Do you guys know a program or a way I can generate an alert so I can test to see if my configuration works? Also, would a port scan be considered an alert? I tried scanning from a home network but no alerts were detected. I am blaming this on the network switch rather than the alert problem.

Thanks for any input in advance,

=====
"Knowing others is wisdom, knowing yourself is Enlightenment." -Lao Tzu

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users