[Snort-users] snort local.rules help
jsage at ...2022...
Thu Oct 4 06:58:02 EDT 2001
Of ACID, I know not..
It's a GUI-based front end for analysis, but snort is very happy without it.
I don't use ACID at all (heh.. haven't for 25 years.. oops.. hmm.)
Depending on your command line, and the settings in snort.conf, snort
will log where ever you tell it to..
Logcheck (the logcheck from Abacus/Psionic, anyway..) just watches what
gets put out by syslog and acts according to what it's been told to
monitor, and how it's been told to respond.
I use logcheck to email my firewall DENY's and snort alerts to several
other boxes on my network
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."
> OK i got it running by editing the local.rules file to reflect my
> network....anywho ...is ACID the GUI for snort ??
> or does snort just report to syslog ??? or logcheck ?? or what ??
> ----- Original Message -----
> From: "Brent" <misterb at ...2851...>
> To: "John Sage" <jsage at ...2022...>
> Cc: "'snort-users'" <snort-users at lists.sourceforge.net>
> Sent: Tuesday, October 02, 2001 12:27 PM
> Subject: Re: [Snort-users] snort local.rules help
>>ok ...but doesnt this defeat the purpose of haveing a local.rules
>>know that its a set of rules for the local network...but how should
>>configure it ?? is there a referrence to go by ?? besides the
>>local.rules.sample that comes with the port
>>thank you for your replies
>>----- Original Message -----
>>From: "John Sage" <jsage at ...2022...>
>>To: "Brent" <misterb at ...2851...>
>>Cc: "'snort-users'" <snort-users at lists.sourceforge.net>
>>Sent: Monday, October 01, 2001 11:16 AM
>>Subject: Re: [Snort-users] snort local.rules help
>>>Try commenting the offending line in snort.conf out, thusly:
>>># include local.rules
More information about the Snort-users