[Snort-users] ruletype directive doesn't work: why?
anton at ...5376...
Tue May 7 06:42:11 EDT 2002
Usually, its pretty annoying when people post an obscure chunk of the
config file and ask 'why doesn't it work?', right?
But sometimes, it seems to be the only way to overcome sm major obstacle.
Like this, for example:
#custom rule to only DB incoming!
type log output
output database: log, mysql, user=snort dbname=snort_db host=localhost
incoming ip any any -> 184.108.40.206/24 any (msg: "Snort incoming";)
Linux 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
snort-1.8.6, built with mysql support (LOGS to mysql just fine if 'output
database:...' is present in config file, BUT not in ruletype).
Any ideas? The purpose of the above is to only log incoming packets coming
to the network, but not outgoing.
Thanks a lot for ANY hints!
Anton A. Chuvakin, Ph.D.
More information about the Snort-users