Re: Is snort working?

[Lee Brown <leeb () ratnaling org>]

Here's what I used to test with:  My workstation ping 8.8.8.8 triggers this.

alert icmp 10.1.10.175 any -> 8.8.8.8 any (msg:"warning1";sid:1000001;rev:1)

On Sun, Feb 18, 2018 at 2:59 PM, Al Lewis (allewi) via Snort-users <
snort-users () lists snort org> wrote:

> Are you sure that snort is seeing traffic correctly?
>
>
>
> Write a custom rule and/or create some traffic or condition that will
> trigger a rule.
>
>
>
>
>
> *Albert Lewis*
>
> ENGINEER.SOFTWARE ENGINEERING
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> Email: allewi () cisco com
>
> *From: *Snort-users <snort-users-bounces () lists snort org> on behalf of
> bobby via Snort-users <snort-users () lists snort org>
> *Reply-To: *bobby <architectofthefuture () gmail com>
> *Date: *Sunday, February 18, 2018 at 3:04 PM
> *To: *"snort-users () lists snort org" <snort-users () lists snort org>
> *Subject: *[Snort-users] Is snort working?
>
>
>
> I am using the default registered user snort rules.  I have not modified
> the rules.  I noticed that my snort log has not been updated/growing.  I
> would think by default, many rules would be enabled, and the log would grow
> exponentially in size.  Am I wrong to assume this?
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-
> the-mailing-list-etiquette
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette