Snort mailing list archives
RE: generating an alert
From: "Michael Steele" <michaels () silicondefense com>
Date: Thu, 17 Apr 2003 17:32:10 -0700
Rick,

Drop these into your local.rules. It will trigger on everything. I wouldn't leave them on for too long as they will fill the database up very quickly. Be sure to restart Snort after you add them. To disable them, place a hash mark in front of them and be sure to restart Snort.

alert ip any any -> any any (msg:"Got an IP packet";)
alert tcp any any -> any any (msg:"Got an TCP packet";)
alert udp any any -> any any (msg:"Got an UDP packet";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense - The Cyber-War Defense Company
Website: http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rick S.
Sent: Thursday, April 17, 2003 4:32 PM
To: snort-users () lists sourceforge net

Hello

I am new to snort. I would like to run it in IDS mode, so I used

snort -D -s -c /etc/snort/snort.conf

It's the stock snort.conf. In syslog it says it initialized fine. How can I test it? I would like to know that it works and will log alerts to syslog. Is there a way that I can generate an alert to prove its worth?

Thanks for your time.
Rick S.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
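The hash-mark toggle described in the message above, together with a check that the test rules actually reached syslog, as an added example that is not part of the original thread. The function names, the file paths passed in, and the `snort` tag matched in the log are assumptions; Snort still has to be restarted after each change, as the message says.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are supplied by the caller
# (assumption); only the four "Got an ... packet" test rules are touched.
TEST_RULE='alert .*(msg:"Got an [A-Z]* packet";)'

# Rewrite a file through sed without relying on non-portable "sed -i".
# Writing back with cat keeps the original file's owner and mode.
_rewrite() {
    tmp=$(mktemp) || return 1
    sed "$1" "$2" > "$tmp" && cat "$tmp" > "$2"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Place a hash mark in front of every active test rule (idempotent).
disable_test_rules() {
    _rewrite "s/^\\([[:space:]]*\\)\\($TEST_RULE\\)/\\1#\\2/" "$1"
}

# Remove the hash mark again; other commented-out rules stay commented.
enable_test_rules() {
    _rewrite "s/^\\([[:space:]]*\\)#[[:space:]]*\\($TEST_RULE\\)/\\1\\2/" "$1"
}

# Number of test rules currently active in the rules file.
count_active_test_rules() {
    grep -c "^[[:space:]]*$TEST_RULE" "$1" || :
}

# Number of syslog lines written by snort for the test rules.
# Assumes the syslog line carries the "snort" tag and the rule's msg text.
count_test_alerts() {
    grep -c 'snort.*Got an [A-Z]* packet' "$1" || :
}

# Typical sequence (placeholder paths):
#   enable_test_rules /path/to/local.rules    # then restart Snort
#   count_test_alerts /path/to/syslog-file    # non-zero means alerts arrive
#   disable_test_rules /path/to/local.rules   # then restart Snort again
```

A non-zero result from `count_active_test_rules` is a quick reminder that the catch-all rules are still live and still filling the alert store.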