Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort not seeing my local rules

From: wkitty42 () windstream net
Date: Sun, 26 Feb 2017 11:56:56 -0500
On 02/26/2017 09:31 AM, Dawit Admassu wrote:

Snort can not see my local rules, I tried to apply some local rules but snort
not registering.


did you include the file in your snort.conf?
what error, if any, is snort giving you about them?

generally speaking, the file is named local.rules and is stored in the same 
directory as all your other rules... they also need to be in proper format 
including the msg, content, sid and rev sections... what do your rules look like?

have you tried the local-test.rules file that is out and about? it alerts on all 
traffic and is used to make sure that snort is seeing traffic and analyzing it...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: