[Snort-users] generating an alert
michaels at ...155...
Thu Apr 17 17:33:09 EDT 2003
Drop these into your local.rules. It will trigger on everything. I wouldn't
leave them on for too long as they will fill the database up very quickly.
Be sure to restart Snort after you add them. To disable them, place a hash
mark in front of them and be sure to restart Snort.
alert ip any any -> any any (msg:"Got an IP packet";)
alert tcp any any -> any any (msg:"Got an TCP packet";)
alert udp any any -> any any (msg:"Got an UDP packet";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)
Michael Steele | System Engineer / Support Technician
mailto:michaels at ...155...
Silicon Defense - The Cyber-War Defense Company
Snort: Open Source Network IDS - http://www.snort.org
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Rick S.
Sent: Thursday, April 17, 2003 4:32 PM
To: snort-users at lists.sourceforge.net
I am new to Snort. I would like to run it in IDS mode, so I used
snort -D -s -c /etc/snort/snort.conf
It's the stock snort.conf.
In syslog it says it initialized fine.
How can I test it? I would like to know that it works and will log alerts to
syslog. Is there a way that I can generate an alert to prove its worth?
Thanks for your time.
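
Added example, not part of the original thread: a small shell helper that switches the four catch-all test rules from the reply on and off in a rules file, so they are not left enabled by accident. The function names are hypothetical, the path to local.rules is passed in as an argument, and Snort still has to be restarted by hand after each change, as the reply says.

```shell
#!/bin/sh
# Toggle the four catch-all test rules from the reply in a Snort rules file.
# Function names are hypothetical (this example's own, not Snort tooling).

# Emit the four rules exactly as posted in the message.
test_rules() {
    for proto in ip tcp udp icmp; do
        upper=$(printf '%s' "$proto" | tr '[:lower:]' '[:upper:]')
        printf 'alert %s any any -> any any (msg:"Got an %s packet";)\n' \
            "$proto" "$upper"
    done
}

# Enable: uncomment disabled copies, append any rule still missing.
# Safe to run repeatedly; it never duplicates a rule.
enable_test_rules() {   # $1 = rules file, e.g. your local.rules
    file=$1; tmp=$(mktemp) || return 1
    test_rules | awk 'NR == FNR { want["#" $0] = $0; next }
                      ($0 in want) { print want[$0]; next }
                      { print }' - "$file" > "$tmp" || return 1
    test_rules | while IFS= read -r rule; do
        grep -Fxq -e "$rule" "$tmp" || printf '%s\n' "$rule" >> "$tmp"
    done
    # cat instead of mv keeps the owner and mode of the rules file.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Disable: put a hash mark in front of each active test rule.
disable_test_rules() {  # $1 = rules file
    file=$1; tmp=$(mktemp) || return 1
    test_rules | awk 'NR == FNR { hit[$0] = 1; next }
                      ($0 in hit) { print "#" $0; next }
                      { print }' - "$file" > "$tmp" || return 1
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Print how many test rules are currently active (uncommented).
active_test_rules() {   # $1 = rules file
    test_rules | awk 'NR == FNR { hit[$0] = 1; next }
                      ($0 in hit) { n++ }
                      END { print n + 0 }' - "$1"
}
```

Running active_test_rules against the rules file before leaving the sensor unattended shows whether any of the test rules are still live; anything other than 0 means they will keep filling the database.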