Snort mailing list archives
Re: rule for cacti failed login
From: Sharif Uddin <Sharif.Uddin () spectrumasa com>
Date: Tue, 16 Sep 2014 17:01:57 +0000
I still don't understand how pulledpork will know about this rule if it don't exist in snortrules? -----Original Message----- From: waldo kitty [mailto:wkitty42 () windstream net] Sent: 16 September 2014 17:46 To: snort-users () lists sourceforge net Subject: Re: [Snort-users] rule for cacti failed login On 9/16/2014 5:55 AM, Sharif Uddin wrote:
But this is a custom rule, how can I create description myself?
the description is the MSG portion of the rule... if you have the rule in (eg) local.rules and pulledpork knows about local.rules, then it should include the description automatically when it handles the sid-msg.map file... -- NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! IMPORTANT - This message and any attached files contain information intended for the exclusive use of the party or parties to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not an intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender immediately and delete the original message without making any copies. Copyright in this email and any attachments belong to Spectrum Geo Limited. We cannot guarantee the security or confidentiality of email communications. We do not accept any liability for losses or damages that you may suffer as a result of your receipt of this email. Email communication with Spectrum Geo Ltd., may be monitored as permitted by UK legislation. Spectrum Geo Limited, is a limited company registered in England and Wales. Registered number: 1979422. Registered office: 95 Aldwych, London WC2B 4JF. ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- rule for cacti failed login Sharif Uddin (Sep 12)
- Re: rule for cacti failed login Jeremy Hoel (Sep 12)
- Re: rule for cacti failed login Sharif Uddin (Sep 15)
- Re: rule for cacti failed login Jeremy Hoel (Sep 15)
- Re: rule for cacti failed login Sharif Uddin (Sep 16)
- Re: rule for cacti failed login waldo kitty (Sep 16)
- Re: rule for cacti failed login Sharif Uddin (Sep 16)
- Re: rule for cacti failed login waldo kitty (Sep 16)
- Re: rule for cacti failed login Sharif Uddin (Sep 15)
- Re: rule for cacti failed login Jeremy Hoel (Sep 12)