[Snort-devel] Re: Status alert

Phil Wood cpw at ...86...
Tue Feb 24 11:29:11 EST 2004


On Tue, Feb 24, 2004 at 09:04:27AM -0500, Chris Green wrote:
> Martin Olsson <elof at ...969...> writes:
> 
> > Not really. In my example you check the entire chain from the sensor to
> > the receiving end, not just that the process is running.
> > Example:
> 
> One way this has been solved in several scenarios is to emit a custom
> ping / udp packet at set intervals so you are testing the sniffing
> interface as well with a custom rule so that you are testing the
> entire sensor.
Works for me.
> 
> A good reason to do this is sometimes the promisc flag gets wonky and
> you have a snort that's not actually sniffing.
> -- 
> Chris Green <cmg at ...2257...>
> A watched process never cores.
> 
> 
> 

-- 
Phil Wood (cpw_at_lanl.gov)
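
Added example, not part of the original thread: one way to act on the heartbeat check Chris Green describes, by scanning Snort fast-format alert lines for the heartbeat rule's SID and flagging missed beats. The rule, SID 1000001, port 9999, the 60-second interval and the sample log lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed sensor rule (constructed; SID, port and payload are placeholders):
#   alert udp any any -> any 9999 (msg:"SENSOR HEARTBEAT"; \
#       content:"snort-heartbeat"; sid:1000001; rev:1;)
HEARTBEAT_SID = 1000001
INTERVAL = timedelta(seconds=60)  # assumed interval of the heartbeat sender
GRACE = timedelta(seconds=30)     # jitter tolerated before a beat counts as missed

# Fast alert line: MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ...
FAST_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:(\d+):\d+\]")

def heartbeat_times(lines, year):
    """Sorted timestamps of heartbeat alerts (fast alerts carry no year)."""
    times = []
    for line in lines:
        m = FAST_RE.match(line)
        if m and int(m.group(2)) == HEARTBEAT_SID:
            times.append(datetime.strptime(f"{year}/{m.group(1)}",
                                           "%Y/%m/%d-%H:%M:%S.%f"))
    return sorted(times)

def check_sensor(lines, now, year):
    """Return (status, gaps); status is 'ok', 'stale' or 'never_seen'."""
    times = heartbeat_times(lines, year)
    if not times:
        return "never_seen", []  # rule not loaded, or the sensor is not sniffing
    limit = INTERVAL + GRACE
    gaps = [(a, b) for a, b in zip(times, times[1:]) if b - a > limit]
    return ("stale" if now - times[-1] > limit else "ok"), gaps

# Constructed sample log: beats at 11:00 and 11:01, then none until 11:05.
_HB = "[**] [1:1000001:1] SENSOR HEARTBEAT [**] [Priority: 0] {UDP} 192.0.2.10:40000 -> 192.0.2.20:9999"
SAMPLE = [
    "02/24-11:00:00.100000  " + _HB,
    "02/24-11:01:00.200000  " + _HB,
    "02/24-11:03:00.000000  [**] [1:1000002:1] OTHER RULE [**] [Priority: 2] {TCP} 192.0.2.30:1234 -> 192.0.2.20:80",
    "02/24-11:05:00.300000  " + _HB,
    "02/24-11:06:00.100000  " + _HB,
]

if __name__ == "__main__":
    status, gaps = check_sensor(SAMPLE, datetime(2004, 2, 24, 11, 6, 30), 2004)
    print(status)
    for a, b in gaps:
        print("missed heartbeats between", a, "and", b)
```

Run on the receiving end of the alert path, a "stale" or "never_seen" result covers the whole chain Martin Olsson mentions: the sniffing interface, the rule engine and alert delivery.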



