Problem getting a snort rule to work

["Pennell, Ronald B." <rpennell () ida org>]

I'm extremely new to snort and have been trying to get a simple snort
rule to work.

 

I'm task with grabbing an alert for every email message that is going
outbound from my organization.

 

I've tried using the following local rule:

 

Alert tcp $SMTP_NET --> any 25

 

Alert udp    "                    "     "

 

Alert tcp $HOME_Net      "   "

 

When I check the acid viewer, I see no traffic at all.

 

Any help would be greatly appreciated.

 

Ron Pennell

rpennell () ida org