Snort mailing list archives

RE: MySql-Acid logging

From: "Michael Steele" <michaels () silicondefense com>
Date: Fri, 18 Apr 2003 13:35:52 -0700

Cilin,

Drop these into your local.rules. It will trigger on everything. I wouldn't
leave them on for too long as they will fill the database up very quickly.
Be sure to restart Snort after you add them. To disable them place a hash
mark in front of them and be sure to restart snort.

alert ip any any -> any any (msg:"Got an IP packet";)
alert tcp any any -> any any (msg:"Got an TCP packet";)
alert udp any any -> any any (msg:"Got an UDP packet";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)

BTW, I posted this exact same reply yesterday.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels () silicondefense com    
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Cilin
Sent: Friday, April 18, 2003 12:57 PM
To: snort-users () lists sourceforge net

Hi guys, 

I just set up Snort as a service and all the juicy
programs along with it. When I open the acid_main.php
i have no evidence of any intrusion(everything is 0).
Do you guys know a program or a way i can generate an
alert so i test to see if my configuration works.

Also would a port scan be considered an alert, because
i try scanning from a home network but no alerts were 
detected. I am blaming this on the network switch
rather than the alert problem.

thnks for any input in advance, 


=====
"Knowing others is wisdom, knowing yourself is Enlightenment." -Lao Tzu

__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

MySql-Acid logging Cilin (Apr 18)
- Re: MySql-Acid logging Rolf Brusletto (Apr 18)
- RE: MySql-Acid logging Michael Steele (Apr 18)
- Re: MySql-Acid logging Shawn Duffy (Apr 18)
- <Possible follow-ups>
- RE: MySql-Acid logging Elvira_Byrnes (Apr 22)