[Snort-sigs] ..:: Unclassified rules ::..
Alfonso Alejandro Reyes Jimenez
aareyes at ...3581...
Thu Mar 24 20:04:36 EDT 2011
Hi Joel, yeap I'm using barnyard2.
De: Joel Esler [mailto:jesler at ...435...]
Enviado el: jueves, 24 de marzo de 2011 05:13 p.m.
Para: Alfonso Alejandro Reyes Jimenez
CC: snort-sigs at lists.sourceforge.net
Asunto: Re: [Snort-sigs] ..:: Unclassified rules ::..
How are you getting events into the database? Are you using barnyard?
On Mar 24, 2011, at 5:54 PM, Alfonso Alejandro Reyes Jimenez wrote:
I have a question about the rules, this question may be stupid but I
couldn't find any information on web.
My snorts works perfectly, no issues at all.
We are creating customized rules for our servers for example:
alert tcp any any -> $Mail 25 (content: "|76 72 66 79|"; msg: "Comando
SMTP ilegal, posible reconocimiento"; sid:1999993;
The rule works fine and Base shows the correct signature ID, the only
issue is that the rule appear as unclassified in the gui. We have tried
adding the classtype to the signature with no luck.
How can we classify those rules?
Thanks in advance for your help.
http://blog.snort.org | http://vrt-blog.snort.org |
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs