[Snort-sigs] commandline syntax....

Ryan Trost trostycp at ...12...
Wed Apr 21 15:03:09 EDT 2004


Coming from a SNORT newbie....

I've searched the www.snort.org website, read through Intrusion Detection 
with Snort by Koziol, and also read through the snort manual.....BUT I still 
can't find the answer to my question.

In my reading of documentation, #3.15 Which takes precedence, commandline or 
rule file ?

The command line always gets precedence over the rules file. If people want 
to try stuff out quickly without having to manually edit the rules file, they
should be able to override many things from the command line.

Here's my question....

How can someone (from the commandline) add a rule such as:

alert tcp 24.197.27.173 any -> 69.20.37.124 any

**Ultimately I'm looking for the alert to trigger when my gateway computer 
sends a packet request to www.visualbasicforum.com (only URL I could think 
of).

Is this possible?  Would it be different for Linux vs. Windows?

Thanks in advance.
Ryan Trost
Trostycp at ...12...
