Snort mailing list archives

Re: Dynamic Rules

From: "Bamm Visscher" <bamm.visscher () gmail com>
Date: Sat, 21 Oct 2006 22:49:53 -0600

Thanks, I hadn't seen that. I did compile these rules, but I am not
sure that entry would have been much help. I'll comment more when I
get some time.


Bammkkkk

On 10/20/06, Justin Heath <justin.heath () gmail com> wrote:

Check out http://www.snort.org/docs/faq/3Q06/node87.html


On 10/20/06, Bamm Visscher < bamm.visscher () gmail com> wrote:


I just started looking at dynamic rules and had a question about
logging. The gen id is hardcoded  to 3 and it appears any alert that
goes thru unfied and barnyard is going to have a msg of "snort dynamic
alert".  Has there been any discussion about creating a map file for
these rules/alerts, or am I missing something?

Also, is there any decent docs out there for compiling these rules?

Bammkkkk



--
sguil - The Analyst Console for NSM
http://sguil.sf.net

-------------------------------------------------------------------------

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job

easier

Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo

http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Dynamic Rules Bamm Visscher (Oct 20)
- Re: Dynamic Rules Justin Heath (Oct 20)
- Message not available
  - Re: Dynamic Rules Bamm Visscher (Oct 21)