Snort mailing list archives
Problem with the -o option
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Fri, 5 Nov 2004 10:50:28 -0500
Hi there --

I am trying to use a policy-based.rules file and am running Snort 2.1.3 with the -o option. The problem is, several servers that are listed with pass rules specific to them seem to be ignored by the sensor and are generating an inordinate amount of alerts in the database. I have several questions concerning this:

1. When listing the -o option, do I need to include the full path to the policy-based.rules file, similarly to how it is done for the -c snort.conf file?

2. The pass rules all have the <> operand between every instance of the source and destination. Is there anything else I need to do within the file?