[Snort-sigs] Windows Snort
FRANK SORNATALE
sornatale at ...12...
Wed Mar 15 11:46:01 EST 2006
I have figured out some rules for my Snort question:
I am trying to test my rules in Snort. I am using Windows and doing
everything from the command line. This is what my teacher says to do:
------------------------------------------------------------------------------------------------------------------------------------------
Deliverable: You are to upload your Snort alert file (NOT THE RULES FILE).
Name the file:
<firstname>.<lastname>.alert.txt
At the top of the alert file, you should list how many packets tripped each
rule (that is, how many times the alert appeared in your alert file). NOTE:
There may be one or more rules below that do not match any packets in the
file.
Create your own rule set, call it myrules.rules. Place this ruleset into the
Snort rules directory. Update the snort.conf file so that it points to
Snort's rule directory.
Here's how to run Snort against the packet capture file:
# snort -c /etc/snort/snort.conf -k ASCII -r assgn3.pcap
or you may indicate the log directly at the commandline:
# snort -c /etc/snort/snort.conf -l ./log -k ASCII -r assgn3.pcap
-------------------------------------------------------------------------------------------------------------------------------------------
I keep getting the output of the alert.ids from the log file, using the
command:
C:\snort\bin> snort -c ../etc/snort/snort.conf -l ../log -k ASCII -r assgn3.pcap
How do I test my rules? I created a text file with my rules as
firstname.lastname.alert.txt. How do I get it to run the rules I created?
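The assignment above asks for a per-rule tally at the top of the alert file. Once snort.conf includes the custom rules file (Snort 2 loads rule files through `include $RULE_PATH/...` lines) and Snort has written its alert file, that tally can be produced from the alert file itself. The script below is an added example, not code from the original post or from the Snort project: it parses the `[**] [gid:sid:rev] message [**]` header that starts every record in Snort's default "full" alert output (and that also appears in the one-line "fast" format), counts records per rule, and prepends the summary. The sample alert text, rule messages and SIDs 1000001 to 1000003 are constructed for illustration; the assumed ruleset has a third rule that never fires, which the summary reports as 0 as the assignment requires.

```python
import re

# Constructed sample of a Snort 2 alert file in the default "full" format,
# as written to the log directory by `snort -c snort.conf -l ./log -r file.pcap`.
# Rule messages, SIDs and addresses are made up for this example.
SAMPLE_ALERT_FILE = """\
[**] [1:1000001:1] MYRULES ICMP echo request [**]
[Priority: 3]
03/15-11:46:01.123456 10.0.0.5 -> 10.0.0.1
ICMP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1  Seq:1  ECHO

[**] [1:1000002:1] MYRULES HTTP GET to port 80 [**]
[Priority: 3]
03/15-11:46:02.000001 10.0.0.5:40000 -> 10.0.0.1:80
TCP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:60 DF
***AP*** Seq: 0x1  Ack: 0x1  Win: 0x200  TcpLen: 20

[**] [1:1000001:1] MYRULES ICMP echo request [**]
[Priority: 3]
03/15-11:46:03.000001 10.0.0.6 -> 10.0.0.1
ICMP TTL:64 TOS:0x0 ID:3 IpLen:20 DgmLen:84
Type:8  Code:0  ID:2  Seq:1  ECHO
"""

# Every alert record opens with: [**] [gid:sid:rev] message [**]
# The "fast" format puts a timestamp in front of the same text, so searching
# (rather than anchoring at column 0) handles both output formats.
ALERT_HEADER = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")


def count_alerts(alert_text):
    """Return {(gid, sid): (message, count)} for every rule that fired.

    One record is written per packet that tripped a rule, so counting
    records gives the "how many packets tripped each rule" figure.
    Rules that never matched are simply absent from the result.
    """
    counts = {}
    for line in alert_text.splitlines():
        m = ALERT_HEADER.search(line)
        if not m:
            continue
        gid, sid, _rev, msg = m.groups()
        key = (int(gid), int(sid))
        msg, n = counts.get(key, (msg, 0))
        counts[key] = (msg, n + 1)
    return counts


def summary_header(counts, rule_sids):
    """Build the per-rule tally for the top of the alert file.

    rule_sids lists every SID in the ruleset, so a rule with no matching
    packets is reported as 0 instead of being silently left out.
    """
    lines = ["# Alert counts per rule (packets that tripped each rule)"]
    by_sid = {sid: (msg, n) for (_gid, sid), (msg, n) in counts.items()}
    for sid in rule_sids:
        msg, n = by_sid.get(sid, ("(no matches)", 0))
        lines.append(f"# sid:{sid}  {n:>5}  {msg}")
    return "\n".join(lines)


def prepend_summary(alert_text, rule_sids):
    """Return the alert file contents with the summary block prepended."""
    return summary_header(count_alerts(alert_text), rule_sids) + "\n\n" + alert_text


if __name__ == "__main__":
    # Assumed SIDs of a hypothetical three-rule myrules.rules; 1000003 never fires.
    print(prepend_summary(SAMPLE_ALERT_FILE, [1000001, 1000002, 1000003]))
```

To use it on a real run, read the alert file Snort wrote into the log directory (alert.ids on Windows, alert on Unix) instead of SAMPLE_ALERT_FILE and pass the SIDs from the custom rules file; the tally is keyed on SID so two rules with the same message text are still counted separately.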