[Snort-users] Should I assume it has been safe?
Subba Rao
subba9 at ...530...
Tue May 15 14:02:13 EDT 2001
I have been logging the tcpdump logs for a couple of months now. Now that I am
running snort (once again) under daemontools, the snort logs are pretty quite.
So I ran snort against the tcpdump logs. The snort configuration was the
default configuration + MaxVision's ruleset. Snort completed processing the
files normally with no screen output (except the summary statistics).
Should I assume that everything is fine or should I allow my paranoia feed
itself and look for something else in the logs? When should I say I have
dissected the log files inside out? Should that be after the rule set
combination that I am using?
Thanks for any input.
--
Subba Rao
subba9 at ...530...
http://members.home.net/subba9/
GPG public key ID 27FC9217
More information about the Snort-users
mailing list