Snort mailing list archives

Previous By Date Next
Previous By Thread Next

How to ask a good question and not be treated like a dolt..

From: John Sage <jsage () finchhaven com>
Date: Sat, 29 Dec 2001 07:40:13 -0800
I decided to post this off-list reply to the list, because (I think, at least..) it lays out some good ground-rules for asking questions that actually *get* replies. 

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

xxxxxx:

Your post probably got no responses for several reasons:


1) for almost every question of any sort, it would be most helpful if
people would *always* give:

a) snort version and build
b) platform/OS
c) full command line
d) relevant (which is to say all..) commands from within snort.conf

That information is not alway relevant, but at least it shows that
you're willing to tell everyone all they would need to know, so that no
one has to ask you two or three more questions before they have all the
facts together.


2) yours is the sort of question to which the real, first answer is
always "Try it"

The core of the snort list is really mostly a bunch of hackers (hackers
in the real true first meaning of the word, not as it's been prostituted
by an utterly clueless press in the last several years; see:
http://www.tuxedo.org/~esr/jargon/html/entry/hacker.html) -- these
people expect you to try stuff, and/or give evidence that you really
*have* RTFM, before they're likely to answer questions that are (at
least to them..) pretty self-evident.

Try reading the SNORT USAGE and the SNORT FAQ, both of which were just
posted to the list, and which are posted weekly.


3) a major misunderstanding about snort is that it will *neither* alert
*nor* log any packet for which there is no rule.

In your case, it sounds like what you want to be doing is editing a
specific rule or two, not messing with the command line...


HTH..

- John

--
Computers: they're really nothing but l's ans O's


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: