Snort mailing list archives

Re: Rules


From: k vijay sai prashanth <vijaysaiprashanth () gmail com>
Date: Tue, 27 Nov 2012 03:11:54 +0530

Also, what's the concept of blacklist and whitelist rules? Are the rules in
the blacklist.rules file rules that don't trigger events?


On Tue, Nov 27, 2012 at 2:38 AM, k vijay sai prashanth <
vijaysaiprashanth () gmail com> wrote:

Also in all the rules files I see a majority of rules commented. Should I
leave them commented or uncomment them or did the VRT team comment these
because they wanted the users to uncomment them as per their need?

What's the deal here?

Regards,
Prashanth


On Tue, Nov 27, 2012 at 2:37 AM, k vijay sai prashanth <
vijaysaiprashanth () gmail com> wrote:

Hello All,

I see that only my test rule is triggering events.


#alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001;)


All the paths in snort.conf are correct.

I see that my blacklist.rules is a very long file with lots of rules. Is
this causing the problem?

Why is the test rule the only rule that is triggering events?



