Snort mailing list archives
snort.conf and rules
From: "Bunter, Matthew" <Matthew.Bunter () cwcom cwplc com>
Date: Tue, 15 May 2001 13:19:07 +0100
All,

Still having problems getting snort started and would appreciate any help.

Using vision.rules (vision.rules.gz from whitehats), Snort 1.7.

Got my DNS boxes specified, no SMTP boxes on my segment (used nmap to verify), ignoring SQL boxes therefore commented out.

Preprocessors :
    defrag
    http_decode: 80 8080
    portscan: $HOME_NET 4 3 /var/log/snort/portscan.log
    portscan-ignorehosts: $DNS_SERVERS

Output
    alert_syslog: LOG_AUTH LOG_ALERT
    - forgive my stupidity but does anything need to be done to syslog.conf? Do any files need to be touched before running snort?

Rule Set
    include /etc/snort/Rules/vision.rules

My local.rules is commented out.

What sort of include/ignores do people have that isn't covered in the DNS, SQL, SMTP areas of snort.conf?

Could anyone point me to an example local.rules file?

With all the above I am getting error messages that tell me things are wrong with the rules, e.g.

    vision.rules (1) => Invalid CIDR block for IP addr 1024 :

If I comment this out I then get Port value missing in rule for rule 2, same for rule 3.

I'm just trying to get Snort working. Please help - going crazy!

Regards,
Matt