Snort mailing list archives
Re: Using a var in the conf and local rules
From: JJ Cummings <cummingsj () gmail com>
Date: Mon, 25 Feb 2013 12:59:01 -0800
Can still be, and should be, done with blacklisting

Sent from the iRoad

On Feb 25, 2013, at 12:39, Stephen Mintz <greybard () q com> wrote:

Actually about it, I don't want to blacklist the sites, just get an alert when they are attempted. So back to a conf var.

"Lay, James" <james.lay () wincofoods com> wrote:

From: Stephen Mintz [mailto:greybard () q com]
Sent: Monday, February 25, 2013 1:15 PM
To: Lay, James
Subject: Re: [Snort-users] Using a var in the conf and local rules

Hey James,

Thanks for the reply! Not sure either, never done that. I am open for trying anything so I will check into it. If anyone has any advice please reply?

"Lay, James" <james.lay () wincofoods com> wrote:

From: honeybadger () q com [mailto:honeybadger () q com]
Sent: Monday, February 25, 2013 10:51 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Using a var in the conf and local rules

Hey all,

I am adding scanners for 600+ suspect IPs in a text file.

Ok adding in include snort.var
Adding var IP_RULES
Then
tcp any any - > $IP_RULES any (msg:"suspect IP detected; sid 4525;)

I would like if the alert would tell me which IP it found. Usually I would use a content but this is different. Anyone know how to set this up?

Thanks,

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
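The conf-variable approach asked about in this thread, as an added example that is not part of the original messages: a Python sketch that validates a one-entry-per-line suspect-IP file and emits a Snort 2.9-style `ipvar` line plus alert rules. The function names, the sample addresses and sid 1000001 are assumptions made for illustration; only the variable name `IP_RULES` comes from the thread.

```python
import ipaddress

# Constructed sample list (RFC 5737 documentation addresses), one entry per line.
SAMPLE_LIST = """\
# suspect hosts
192.0.2.10
192.0.2.10
198.51.100.0/24
198.51.100.7
not-an-ip
203.0.113.5   # trailing comment
"""

def parse_ip_list(text):
    """Return (networks, rejected): validated, de-duplicated, collapsed networks."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)                # keep junk out of snort.conf
    collapsed = []
    for version in (4, 6):                        # collapse_addresses needs one IP version
        same = [n for n in nets if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return collapsed, rejected

def fmt(net):
    """Single hosts as a bare address, everything else as CIDR."""
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def build_snort_lines(nets, var_name="IP_RULES", sid=1000001):
    """Build the ipvar line and two alert rules (traffic to and from the list)."""
    if not nets:
        raise ValueError("empty IP list: nothing to match")
    ipvar = f"ipvar {var_name} [{','.join(fmt(n) for n in nets)}]"
    # Local sids conventionally start at 1000000; the alert output itself
    # carries the source and destination address of the matching packet.
    rules = [
        f'alert ip any any -> ${var_name} any (msg:"Traffic to suspect IP"; sid:{sid}; rev:1;)',
        f'alert ip ${var_name} any -> any any (msg:"Traffic from suspect IP"; sid:{sid + 1}; rev:1;)',
    ]
    return ipvar, rules

if __name__ == "__main__":
    networks, bad = parse_ip_list(SAMPLE_LIST)
    ipvar_line, rule_lines = build_snort_lines(networks)
    print(ipvar_line, *rule_lines, sep="\n")
    print("rejected entries:", bad)
```

The `ipvar` line goes in the included conf file and the rules in local.rules; rejected entries are worth reviewing by hand before reloading Snort.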
Current thread:
- Using a var in the conf and local rules honeybadger (Feb 25)
- Re: Using a var in the conf and local rules waldo kitty (Feb 25)
- Re: Using a var in the conf and local rules Lay, James (Feb 25)
- Message not available
- Re: Using a var in the conf and local rules Lay, James (Feb 25)
- Re: Using a var in the conf and local rules Stephen Mintz (Feb 25)
- Re: Using a var in the conf and local rules JJ Cummings (Feb 25)
- Re: Using a var in the conf and local rules Joel Esler (Feb 25)
- Message not available
- Re: Using a var in the conf and local rules Joel Esler (Feb 25)