Snort mailing list archives
Re: Policy-Based monitoring
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 14 Oct 2004 23:39:44 +0200
On Wed, 13 Oct 2004 at 14:47, Kaplan, Andrew H. wrote:
Hi there -- I got Snort to operate successfully and alerts are appearing on the ACID console. My next step is to refine the monitoring, and to that end the approach that I was planning on taking was using a policy-based.rules file. I will be modifying the snort.conf file to include the line: include $RULE_PATH/policy-based.rules. The questions I have are, does the position of the new line matter? Should I put the new line at the beginning of the include statements or after them? Also, besides adding the line is there anything else that I need to do to Snort, or is simply adding the above line sufficient? Thanks.
I don't think it matters where you put your new rules, but be careful not to interfere with other rules or SIDs.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
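The SID caution in the reply above can be checked mechanically before Snort is restarted. The following is an added example, not part of the original message or of Snort itself: it lists the rule files that the active `include` lines in snort.conf pull in, then reports SIDs used more than once and SIDs in the local file that fall below 1,000,000, the floor the Snort manual gives for local rules. The function names, `stock-example.rules`, and all sample rules are constructed for illustration.

```python
import re
from collections import defaultdict

INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
LOCAL_SID_MIN = 1_000_000  # Snort manual: SIDs >= 1,000,000 are for local rules

def included_files(conf_text):
    """Names of files pulled in by active `include` lines, in order."""
    names = []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)  # commented-out includes do not match
        if m:
            names.append(m.group(1).replace("$RULE_PATH/", ""))
    return names

def sids_in(rules_text):
    """Yield (line_no, sid) for every active rule line that carries a sid."""
    for no, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = SID_RE.search(line)
        if m:
            yield no, int(m.group(1))

def audit(conf_text, files, local_name):
    """Return (collisions, low_sids) for the rule files snort.conf includes."""
    seen = defaultdict(list)
    for name in included_files(conf_text):
        for no, sid in sids_in(files.get(name, "")):
            seen[sid].append((name, no))
    collisions = {s: locs for s, locs in seen.items() if len(locs) > 1}
    low = [(no, s) for no, s in sids_in(files[local_name]) if s < LOCAL_SID_MIN]
    return collisions, low

# Constructed sample input (not real Snort rules or a real snort.conf).
CONF = """var RULE_PATH ../rules
include $RULE_PATH/stock-example.rules
# include $RULE_PATH/disabled-example.rules
include $RULE_PATH/policy-based.rules
"""
FILES = {
    "stock-example.rules":
        'alert tcp any any -> any 80 (msg:"constructed stock rule"; sid:2000; rev:1;)\n',
    "policy-based.rules":
        'alert tcp any any -> any 23 (msg:"policy: telnet"; sid:2000; rev:1;)\n'
        'alert tcp any any -> any 21 (msg:"policy: ftp"; sid:1000001; rev:1;)\n',
}

if __name__ == "__main__":
    print(audit(CONF, FILES, "policy-based.rules"))
```

In the sample, the first policy rule reuses SID 2000 from the stock file and is also below the local range, so it appears in both results.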