[Snort-users] Ramen worm and Snort log entry
bmc at ...312...
Sun Jun 17 11:12:35 EDT 2001
Subba Rao wrote:
> The following are the preprocessors in the snort.conf file. I have changed the
> IP addresses of the systems/network here.
> var INTERNAL 192.168.1.0/24
> var EXTERNAL !$INTERNAL
> var DNS_SERVERS 192.168.1.5/24
> preprocessor http_decode: 80 8080
> preprocessor minfrag: 128
> preprocessor portscan: 126.96.36.199/2 5 3 portscan.log
> preprocessor portscan-ignorehosts: 192.168.1.0/24
> #include /usr/security/snort/etc/snort-vision.conf
> output alert_full: alert
> Why is Snort not logging any information about these trojan related alerts?
Because you don't have any rules listed there. Uncomment the include
and try again.
The MITRE Corporation
More information about the Snort-users