Snort mailing list archives

Re: does not work local.rules

From: "Lorine Ruotolo" <lori.ruotolo () hotmail com>
Date: Tue, 08 Aug 2006 14:53:56 -0500


I think ! may not be allowed in regular text within the rule because it is 
the NOT character.  You can use escape or hex forms of it, not sure what 
they are off the top of my head though.

From: repniksz () aviva co hu
To: snort-users () lists sourceforge net
Subject: [Snort-users] does not work local.rules
Date: Tue, 8 Aug 2006 15:34:09 +0200

Hi,
I've made a very simple rule in my local.rules:
alert tcp any any -> any 8080 ( msg: "Own"; content: "Hello!!!!"; )
and after that i've watched a file in my browser on 8080 port, and i did
not get any alert.
The local.rules is in my snort.conf .
What is wrong?

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job 
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

does not work local.rules repniksz (Aug 08)
- Re: does not work local.rules Todd Wease (Aug 08)
- Re: does not work local.rules Lorine Ruotolo (Aug 08)
  - Re: does not work local.rules info+lucretia.ca (Aug 08)