Re: Log problems

[waldo kitty <wkitty42 () windstream net>]

On 11/28/2012 10:22, honeybadger () q com wrote:
> Hey Ron,
>
> Though it was my test rule but it is something else...
>
>
> If I set up a test rule with tcp any any - > any any, but I get alerts and logging.
>
> If I set the rule more specifically like: any any - > 192.168.1.50
> any, nothing is captured. I am pinging the test machine
>
> Tcpdump is showing traffic, trace route gets to the system fine.

what do you have HOME_NET and EXTERNAL_NET set as?

alert tcp any any -> any any (msg:"Testing"; sid:1; rev:1;)
alert tcp any any -> 192.168.1.50 any (msg:"Testing"; sid:2; rev:1;)

is this what your two rules look like? these are taken from the one posted 
earlier... however, i note that that one had an extra space after "->"... it 
/shouldn't/ matter but stranger things have been seen ;)


------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
INSIGHTS What's next for parallel hardware, programming and related areas?
Interviews and blogs by thought leaders keep you ahead of the curve.
http://goparallel.sourceforge.net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!