Snort mailing list archives
Re: dynamicdetection rules
From: "Nerijus Krukauskas" <nkrukauskas () gmail com>
Date: Fri, 15 Feb 2008 14:38:38 +0200
On 14/02/2008, Richard Bejtlich <taosecurity () gmail com> wrote:
Nerijus Krukauskas wrote:How do I enable dynamicdetection rules?I wrote a whole Snort Report http://searchsecuritychannel.techtarget.com/tips/index/0,289482,sid97_tax307691,00.html on this topic. Specifically, http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1299181,00.html Please see if it answers your question. Sincerely, Richard
Thanks a lot. The part I was missing: all entries in so_rules/*rules were commented out. As soon as I added them into snort config w/o comments they were loaded and started to generate alerts. A very good article, Richard. Thanks again. -- http://nk99.org/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- dynamicdetection rules Nerijus Krukauskas (Feb 08)
- <Possible follow-ups>
- Re: dynamicdetection rules Richard Bejtlich (Feb 14)
- Re: dynamicdetection rules Nerijus Krukauskas (Feb 15)