Snort mailing list archives
Barebones Snort Install
From: Thomas Hyslip <thomas.hyslip () gmail com>
Date: Fri, 3 Jan 2014 19:30:30 -0500
Long story short, I want to install Snort with no rules or pre-processors. Basically, I want to run Snort and write a few small rules myself to test a theory, and I don't want any other alerts going off.

I installed Snort, barnyard2, etc., and everything is working fine, but I can't get rid of a few pre-processor alerts. I have '#'ed out all the lines in snort.conf for rules and pre-processors but can't get rid of certain alerts (http inspect: long header; stream5, tcp small segment threshold).

The other strange issue: I wrote a small rule just to test Snort for tcp traffic to any external on port 80 and it worked. But I have deleted the rule and restarted, and I am still getting alerts for the rule.

I would love to fix this install, but if that is not possible, any advice on a fresh install with no signatures or rules in place would be very much appreciated.

Thanks,
Tom