[Snort-sigs] commandline syntax....
trostycp at ...12...
Wed Apr 21 15:03:09 EDT 2004
Coming from a SNORT newbie....
I've searched the www.snort.org website, read through Intrusion Detection
with Snort by Koziol, and also read through the snort manual.....BUT I still
can't find the answer to my questioin.
In my reading of documentation, #3.15 Which takes precedence, commandline or
rule file ?
The command line always gets precedence over the rules file. If people want
try stuff out quickly without having to manually edit the rules file, they
should be able to override many things from the command line.
Here's my question....
How can someone (from the commandline) add a rule such as:
alert tcp 18.104.22.168 any -> 22.214.171.124 any
**Ultimately I'm looking for the alert to trigger when my gateway computer
sends a packet request to www.visualbasicforum.com (only URL I could think
Is this possible? Would it be different for Linux vs. Windows?
Thanks in advance.
Trostycp at ...12...
FREE pop-up blocking with the new MSN Toolbar get it now!
More information about the Snort-sigs