Snort mailing list archives

Re: @snort alert


From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 28 Nov 2013 22:11:30 -0500

On 11/28/2013 2:44 AM, anagha b wrote:
I have not specified any rule, just started snort.

Barnyard is giving the following o/p
[trim]
Do I have to specify my rule for detection? Snort must have a signature to detect
this, then why this kind of o/p?

you have a local rule with SID 1000002 but that rule contains no revision 
number... you should add a revision number to all rules you write and make sure 
you increment that revision number any time* you modify the rule...

eg: alert tcp any any -> any any (msg: "TCP packet detected!"; sid: 1; rev: 1;)


* "any time" meaning any time the rule has major changes in the detection 
portion... many systems use a CSV/SVN to keep their rules in for tracking 
changes... the revision number in the rule helps those working with the alerts 
to know exactly which version of the rule they are dealing with...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
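
Added example (not part of the original message, and not Snort or Barnyard code): a small Python check that reads a local rules file and reports rules with no rev, plus rules with no sid or a reused sid, which goes slightly beyond the reply. The sample rules, the function names and the list of rule actions treated as rule lines are assumptions made for illustration.

```python
import re

# Constructed sample local.rules content (not from the thread); line 3 lacks rev.
SAMPLE_RULES = r'''# local rules
alert tcp any any -> any any (msg: "TCP packet detected!"; sid: 1000001; rev: 1;)
alert icmp any any -> any any (msg:"ICMP packet, no rev: here"; sid:1000002;)
alert udp any any -> any 53 (msg:"DNS query"; \
    content:"|01 00|"; sid:1000003; rev:2;)
alert tcp any any -> any 80 (msg:"dup"; sid:1000001; rev:1;)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_no, rule_text)."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        start = start or no
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1]
            continue
        yield start, (buf + line).strip()
        buf, start = "", None

def option(body, name):
    # Numeric option such as "sid: 1;" or "rev:2;" inside the rule body.
    m = re.search(r'(?:^|;)\s*%s\s*:\s*(\d+)\s*(?=;)' % name, body)
    return int(m.group(1)) if m else None

def lint_rules(text):
    """Return (line_no, sid, problem) for every problem found."""
    findings, first_seen = [], {}
    for no, rule in logical_lines(text):
        if not rule.startswith(ACTIONS) or "(" not in rule:
            continue  # comment, blank line or non-rule directive
        # Blank out quoted strings so msg/content text is never read as an option.
        body = QUOTED.sub('""', rule[rule.index("(") + 1:])
        sid, rev = option(body, "sid"), option(body, "rev")
        if sid is None:
            findings.append((no, None, "missing sid"))
        elif sid in first_seen:
            findings.append((no, sid, "duplicate sid (first seen on line %d)" % first_seen[sid]))
        else:
            first_seen[sid] = no
        if rev is None:
            findings.append((no, sid, "missing rev"))
    return findings

if __name__ == "__main__":
    print(*lint_rules(SAMPLE_RULES), sep="\n")
```
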
