[Snort-users] Should I assume it has been safe?

Subba Rao subba9 at ...530...
Tue May 15 14:02:13 EDT 2001


I have been logging the tcpdump logs for a couple of months now. Now that I am
running snort (once again) under daemontools, the snort logs are pretty quite.
So I ran snort against the tcpdump logs. The snort configuration was the 
default configuration + MaxVision's ruleset. Snort completed processing the
files normally with no screen output (except the summary statistics).

Should I assume that everything is fine or should I allow my paranoia feed
itself and look for something else in the logs? When should I say I have
dissected the log files inside out? Should that be after the rule set
combination that I am using?

Thanks for any input. 
-- 

Subba Rao
subba9 at ...530...
http://members.home.net/subba9/

GPG public key ID 27FC9217




More information about the Snort-users mailing list