Snort mailing list archives

Re: New Snort 2.2 Rules


From: Eric Hines <eric.hines () appliedwatch com>
Date: Wed, 14 Sep 2005 15:33:21 -0500

Walt,

I would recommend going over to your Snort sensor and making sure none
of the rules you downloaded (bleeding-edge?) etc. broke Snort. Run a ps
listing and make sure Snort did not fail on restart. To get a verbose
output in the case that it is failing due to something in the snort.conf
or rulesets, run it from the command line in verbose mode:

snort -c /path/to/snort.conf -v

Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road
Suite 213
Crystal Lake, IL 60014
Web: http://www.appliedwatch.com
Toll Free: (877) 262-7593
"Enterprise Snort Management"


On Wed, 2005-09-14 at 15:26 -0500, Walt Rich wrote:
I updated the Snort rules to the latest available on SourceForge's
site.  They were quite out of date, and almost a year old.  Snort is up
and running, but has become very quiet!  It used to detect a lot of
false positives, which were a pain, but at least I knew it was
working.  Now it is very, very quiet, and hasn't detected anything in
over 2 hours.  Is it possible that the rule writers have become so
good that the detection of false positives has been almost eliminated?
Has anyone else experienced anything similar?  Any input is greatly
appreciated.
 
Thanks! 
 

___________________________________
| Walt Rich | Sr. Network Engineer | Parago, Inc. | 972.538.7253 | walt.rich () parago com |
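
The check described in the reply above, as an added example that is not part of the original thread: it looks for a process whose command name is exactly snort in a ps listing and, if none is found, prints the foreground command Eric gives. The function names, the constructed sample listings and the /etc/snort/snort.conf default path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names, the sample
# process listings and the /etc/snort/snort.conf path are assumptions.

# Constructed `ps -A -o pid,comm,args` output: sensor up, plus a stray grep.
SAMPLE_UP='  PID COMMAND         COMMAND
  812 sshd            /usr/sbin/sshd -D
 2291 snort           /usr/sbin/snort -c /etc/snort/snort.conf -D
 2300 grep            grep snort'

# Constructed output after a failed restart: only the grep mentions snort.
SAMPLE_DOWN='  PID COMMAND         COMMAND
  812 sshd            /usr/sbin/sshd -D
 2300 grep            grep snort'

# Read a ps listing on stdin and print the PIDs whose command name is exactly
# "snort". Matching the name column avoids counting "grep snort" or an editor
# that has snort.conf open.
snort_pids() {
    awk 'NR > 1 && $2 == "snort" { print $1 }'
}

# $1 = ps listing, $2 = path to snort.conf. Returns 0 if the sensor is up;
# otherwise prints the foreground command from the reply and returns 1.
check_sensor() {
    pids=$(printf '%s\n' "$1" | snort_pids | tr '\n' ' ')
    if [ -n "$pids" ]; then
        echo "snort running, pid(s): ${pids% }"
        return 0
    fi
    echo "snort is not running; start it in the foreground to see why:"
    echo "  snort -c $2 -v"
    return 1
}

# Live use: sh check_snort.sh --live [/path/to/snort.conf]
if [ "${1:-}" = "--live" ]; then
    check_sensor "$(ps -A -o pid,comm,args)" "${2:-/etc/snort/snort.conf}"
fi
```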
 


