Snort mailing list archives

RE: Rules Question


From: "Nelson, Ben" <bnelson () rightnow com>
Date: Tue, 5 Aug 2003 19:03:29 -0600

Try '-T', which... by the way... is documented in the man page along
with '-P'. :)
 
--Ben

        -----Original Message-----
        From: Stevo [mailto:checkpoint () ozbergs com] 
        Sent: Tuesday, August 05, 2003 6:34 PM
        To: snort-users () lists sourceforge net
        Subject: Re: [Snort-users] Rules Question
        
        
        Also, is there a way to verify the rules once you have created
        them??

                ----- Original Message ----- 
                From: Stevo <mailto:checkpoint () ozbergs com>  
                To: snort-users () lists sourceforge net 
                Sent: Tuesday, August 05, 2003 5:13 PM
                Subject: [Snort-users] Rules Question

                I'm creating some new rules to use... I'm looking for
                certain keywords in packets and have got the rule working,
                but I'm interested in seeing more of the Payload... right
                now I'm just getting the line that includes that keyword...
                how can I tell ACID to show me 10 lines on either side of
                the keyword for example??
                 
                Stevo
                 

