Snort mailing list archives

ruletype directive doesn't work: why?


From: Anton Chuvakin <anton () chuvakin org>
Date: Tue, 7 May 2002 09:41:42 -0400 (EDT)

Hello,

Usually, it's pretty annoying when people post an obscure chunk of the
config file and ask 'why doesn't it work?', right?

But sometimes, it seems to be the only way to overcome some major obstacle.
Like this, for example:

---------
#custom rule to only DB incoming!
ruletype incoming
{
   type log output
   output database: log, mysql, user=snort dbname=snort_db host=localhost
}

incoming ip any any -> 1.2.3.0/24 any (msg: "Snort incoming";)
----------
does nothing!!

Context:

Linux 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
snort-1.8.6, built with mysql support (LOGS to mysql just fine if 'output
database:...' is present in config file, BUT not in ruletype).

Any ideas? The purpose of the above is to only log incoming packets coming
to the network, but not outgoing.

Thanks a lot for ANY hints!

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org
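The directional semantics the post is after (log only packets arriving at 1.2.3.0/24, not the replies) can be checked without a running Snort. As an added example that is not part of the original post or of Snort itself, the following Python matcher evaluates the header of the post's rule against constructed sample packets; the `parse_header`, `matches` and `selected` names and the packet tuples are my own assumptions.

```python
import ipaddress
# Added example, not code from the original post: a matcher for the header
# part of a Snort 1.x rule ("action proto src sport dir dst dport"), used to
# check which sample packets the post's "incoming" rule would select.
# Assumptions: packets are (src_ip, src_port, dst_ip, dst_port); the protocol
# field is ignored because the rule uses the "ip" wildcard.

def parse_header(rule):
    fields = rule.split("(", 1)[0].split()       # drop the "(msg:...)" options
    if len(fields) != 7 or fields[4] not in ("->", "<>"):
        raise ValueError("malformed rule header: %r" % rule)
    action, proto, src, sport, direction, dst, dport = fields
    return {"action": action, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport}

def _addr_match(spec, ip):
    if spec == "any":
        return True
    negate = spec.startswith("!")                      # "!1.2.3.0/24" form
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate

def _port_match(spec, port):
    if spec == "any":
        return True
    if ":" in spec:                                    # ranges: "80:", ":1024", "80:90"
        lo, hi = spec.split(":", 1)
        return int(lo or 0) <= port <= int(hi or 65535)
    return port == int(spec)

def matches(rule, pkt):
    src_ip, sport, dst_ip, dport = pkt
    def one_way(a_ip, a_port, b_ip, b_port):
        return (_addr_match(rule["src"], a_ip) and _port_match(rule["sport"], a_port)
                and _addr_match(rule["dst"], b_ip) and _port_match(rule["dport"], b_port))
    if one_way(src_ip, sport, dst_ip, dport):
        return True
    # "<>" rules match in either direction; "->" rules only src -> dst.
    return rule["direction"] == "<>" and one_way(dst_ip, dport, src_ip, sport)

# The post's rule and three constructed packets: inbound, the outbound reply,
# and host-to-host traffic inside 1.2.3.0/24 (which "-> 1.2.3.0/24" also selects).
INCOMING = parse_header('incoming ip any any -> 1.2.3.0/24 any (msg: "Snort incoming";)')
SAMPLE_PACKETS = [("198.51.100.7", 40000, "1.2.3.10", 80),
                  ("1.2.3.10", 80, "198.51.100.7", 40000),
                  ("1.2.3.5", 1234, "1.2.3.10", 22)]

def selected(rule=INCOMING, packets=SAMPLE_PACKETS):
    return [p for p in packets if matches(rule, p)]
```

Note that `-> 1.2.3.0/24` also selects traffic between hosts inside the subnet; a `!1.2.3.0/24` source address excludes it if only traffic from outside is wanted.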

