[Snort-users] Frethem snort rule

Matt Kettler mkettler at ...4108...
Wed Jul 17 07:45:08 EDT 2002


Well, I can't help you with Frethem, but I can point you to a good 
reference on writing your own snort rules:

This will cover the general syntax of the rules, and all of the options you 
have
http://www.snort.org/docs/writing_rules/

I'd recommend looking over some of the default rules, and if you want to 
have SID's for your rules, use sid:1000000 and up (that doc will point out 
that SID's >1,000,000 are Used for local rules). You can add your rules to 
local.rules and make sure that your snort.conf includes it.




At 09:11 PM 7/17/2002 +0700, BlowFish wrote:
>heloo folks;
>
>  any body in know about Frethem rules. and can explain to me how to
>create rules snort ?.
>
>Syam A. Yanuar
>
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list