[Snort-users] snort local.rules help

John Sage jsage at ...2022...
Thu Oct 4 06:58:02 EDT 2001


Of ACID,  I know not..

It's a GUI-based front end for analysis, but snort is very happy without it.

I don't use ACID at all (heh.. haven't for 25 years.. oops.. hmm.)

Depending on your command line, and the settings in snort.conf, snort 
will log where ever you tell it to..

Logcheck (the logcheck from Abacus/Psionic, anyway..) just watches what 
gets put out by syslog and acts according to what it's been told to 
monitor, and how it's been told to respond.

I use logcheck to email my firewall DENY's and snort alerts to several 
other boxes on my network

- John

John Sage
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."

Brent wrote:

> OK i got it running by editing the local.rules file to reflect my
> network....anywho ...is ACID the GUI for snort ??
> or does snort just report to syslog ???  or logcheck ?? or what ??
> Brent
> ----- Original Message -----
> From: "Brent" <misterb at ...2851...>
> To: "John Sage" <jsage at ...2022...>
> Cc: "'snort-users'" <snort-users at lists.sourceforge.net>
> Sent: Tuesday, October 02, 2001 12:27 PM
> Subject: Re: [Snort-users] snort local.rules help
>>ok ...but doesnt this defeat the purpose of haveing a local.rules
> file....i
>>know that its a set of rules for the local network...but how should
>>configure it ??  is there a referrence to go by ??  besides the
>>local.rules.sample that comes with the port
>>thank you for your replies
>>----- Original Message -----
>>From: "John Sage" <jsage at ...2022...>
>>To: "Brent" <misterb at ...2851...>
>>Cc: "'snort-users'" <snort-users at lists.sourceforge.net>
>>Sent: Monday, October 01, 2001 11:16 AM
>>Subject: Re: [Snort-users] snort local.rules help
>>>Try commenting the offending line in snort.conf out, thusly:
>>># include local.rules
>>>- John

More information about the Snort-users mailing list