Snort mailing list archives
Re: does not work local.rules
From: "info+lucretia.ca" <info () lucretia ca>
Date: Tue, 08 Aug 2006 17:56:45 -0600
Also make sure your snort.conf is actually looking at your local.rules. This is commented out by default. Cheers, James Friesen, CIO Lucretia Enterprises Our World Is Here info at lucretia dot ca http://lucretia.ca
-----Original Message----- From: snort-users-bounces () lists sourceforge net [mailto:snort-users-bounces () lists sourceforge net] On Behalf Of Lorine Ruotolo Sent: Tuesday, August 08, 2006 1:54 PM To: repniksz () aviva co hu; snort-users () lists sourceforge net Subject: Re: [Snort-users] does not work local.rules I think ! may not be allowed in regular text within the rule because it is the NOT character. You can use escape or hex forms of it, not sure what they are off the top of my head though.From: repniksz () aviva co hu To: snort-users () lists sourceforge net Subject: [Snort-users] does not work local.rules Date: Tue, 8 Aug 2006 15:34:09 +0200 Hi, I've made a very simple rule in my local.rules: alert tcp any any -> any 8080 ( msg: "Own"; content:"Hello!!!!"; ) andafter that i've watched a file in my browser on 8080 port, and i did not get any alert. The local.rules is in my snort.conf . What is wrong?------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology tomake your jobeasier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -------------------------------------------------------------- ----------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&;
dat=121642
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- does not work local.rules repniksz (Aug 08)
- Re: does not work local.rules Todd Wease (Aug 08)
- Re: does not work local.rules Lorine Ruotolo (Aug 08)
- Re: does not work local.rules info+lucretia.ca (Aug 08)