Snort mailing list archives

Re: Need help 'log to' option of the snort rule


From: manjushree ks <manjushree.ks () hotmail com>
Date: Fri, 26 Mar 2010 19:18:58 +0530

Hi again,

Sorry, a small correction in the rule.

It would be:

alert tcp any any -> any any (msg:"Policy Violation : YOUTUBE is visited via a different site"; content:"youtube.com"; 
threshold: type both, track by_src,count 1, seconds 120;\
logto:"/etc/snort/youtubeviolation.log1"; classtype:policy-violation;sid:7000002;)

Regards,
Manju


From: manjushree.ks () hotmail com
To: snort-sigs () lists sourceforge net
Date: Fri, 26 Mar 2010 19:02:00 +0530
Subject: [Snort-sigs] Need help 'log to' option of the snort rule

Hi, 

This is Manju writing in to request any suggestions on the below snort rule.

I have a rule here which would be required to create a log file in order to log any of the alerts detected due to the
visit of the 'youtube.com' site.

But unfortunately it's not creating any file named youtubeviolation1.log in the specified directory. Could
anybody throw some light on this?

Below is the rule:

alert tcp any any -> any any (msg:"Policy Violation : YOUTUBE is visited via a different site"; content:"youtube.com"; 
threshold: type both, track by_src,count 1, seconds 120;\
logto:"/etc/snort/youtubeviolation.log"; classtype:policy-violation;sid:7000002;)

Thanks!
Manju

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
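The following script is an added example for this thread; it is not Snort's own code and not Manju's rule file. It parses the posted rule (copied here as a constructed string, mail wrapping included), splits the options while honouring quoted values, and reports where the logto file would end up. The path calculation rests on an assumption that is stated in the code: in Snort 2.x the logto name is joined onto the log directory given with -l (default /var/log/snort) rather than used as an absolute path, and the option is documented as not working in binary (-b) logging mode. The names parse_rule, lint_logto and RULE_TEXT are the example's own.

```python
"""Parse a Snort 2.x rule and report where its logto file would actually land.

Added example for this thread; not Snort's code and not the poster's rule file.
"""
import os
import re

# Constructed copy of the rule as posted (the mail wrap after content:"..." and
# the trailing-backslash continuation are kept exactly as they appear).
RULE_TEXT = (
    'alert tcp any any -> any any (msg:"Policy Violation : YOUTUBE is visited '
    'via a different site"; content:"youtube.com"; \n'
    'threshold: type both, track by_src,count 1, seconds 120;\\\n'
    'logto:"/etc/snort/youtubeviolation.log"; classtype:policy-violation;sid:7000002;)'
)

HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<body>.*)\)\s*$',
    re.S,
)


def join_continuations(text):
    """Snort lets a rule span lines only when the line ends with a backslash."""
    return re.sub(r'\\\s*\n', ' ', text)


def split_options(body):
    """Split the option body on ';' while honouring quotes and backslash escapes."""
    opts, cur, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == '\\' and i + 1 < len(body):      # keep escaped chars such as \; or \"
            cur.extend(body[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ';' and not in_quote:
            opts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if ''.join(cur).strip():
        opts.append(''.join(cur).strip())
    parsed = []
    for opt in opts:
        if opt:                                   # skip empty entries from ';;'
            key, sep, val = opt.partition(':')    # first ':' separates keyword and value
            parsed.append((key.strip(), val.strip() if sep else None))
    return parsed


def parse_rule(text):
    """Return (header dict, option list, problems list) for one rule."""
    problems = []
    joined = join_continuations(text)
    if '\n' in joined.strip():
        problems.append('rule spans lines without a trailing backslash (mail wrapping?)')
    m = HEADER_RE.match(joined.replace('\n', ' '))
    if not m:
        raise ValueError('not a Snort rule header')
    header = {k: v for k, v in m.groupdict().items() if k != 'body'}
    return header, split_options(m.group('body')), problems


def lint_logto(options, log_dir='/var/log/snort'):
    """Work out the effective logto path, or None when the rule has no logto.

    ASSUMPTION (Snort 2.x behaviour, verify against your build): the logto name
    is appended to the -l log directory, so an absolute value does not escape it,
    and logto is ignored when Snort runs in binary (-b) logging mode.
    """
    logto = dict(options).get('logto')
    if logto is None:
        return None
    name = logto.strip('"')
    effective = os.path.normpath(os.path.join(log_dir, name.lstrip('/')))
    return {
        'logto': name,
        'absolute': name.startswith('/'),
        'effective_path': effective,
        'parent_dir': os.path.dirname(effective),   # must exist before Snort can open the file
    }


if __name__ == '__main__':
    header, options, problems = parse_rule(RULE_TEXT)
    print(header['action'], header['proto'], 'sid', dict(options).get('sid'))
    for p in problems:
        print('problem:', p)
    info = lint_logto(options)
    print('logto value        :', info['logto'])
    print('effective file path:', info['effective_path'])
    print('parent must exist  :', info['parent_dir'])
```

Run it as-is to see the rule from the thread analysed; pass your own -l directory to lint_logto if Snort is started with a different one. Two things the output makes visible for the posted rule: the mail-wrapped line after content:"youtube.com" has no continuation backslash, and the absolute logto value would, under the stated assumption, be appended to the log directory, so the parent directory it reports has to exist before Snort can create the file.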
