[Snort-users] MySql-Acid logging
michaels at ...155...
Fri Apr 18 13:36:06 EDT 2003
Drop these into your local.rules. They will trigger on everything. I wouldn't
leave them on for too long, as they will fill the database up very quickly.
Be sure to restart Snort after you add them. To disable them, place a hash
mark in front of them and be sure to restart Snort.
alert ip any any -> any any (msg:"Got an IP packet";)
alert tcp any any -> any any (msg:"Got an TCP packet";)
alert udp any any -> any any (msg:"Got an UDP packet";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)
BTW, I posted this exact same reply yesterday.
Michael Steele | System Engineer / Support Technician
mailto:michaels at ...155...
Silicon Defense - The Cyber-War Defense Company
Snort: Open Source Network IDS - http://www.snort.org
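Added example, not code from the thread or from Snort: a small Python lint that reads a local.rules body, parses each active rule's header and option block, and flags catch-all rules like the four above that are still enabled, so they are not forgotten once ACID shows alerts. The header regex, the option splitting and the set of "narrowing" options are assumptions of this example, not Snort's own parser.

```python
import re

# Minimal parser for a one-line Snort rule: header (action proto src sport dir dst dport)
# followed by the option block in parentheses. Assumption: one rule per line.
RULE_RE = re.compile(
    r'^\s*(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<proto>ip|tcp|udp|icmp)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

def parse_rule(line):
    """Return a dict for an active rule, None for blank or commented-out lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith('#'):
        return None
    m = RULE_RE.match(stripped)
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    rule = m.groupdict()
    opts = {}
    # Options are "key:value;" pairs; a ';' inside a quoted value is not handled here.
    for opt in filter(None, (o.strip() for o in rule.pop('opts').split(';'))):
        key, _, val = opt.partition(':')
        opts[key.strip()] = val.strip().strip('"')
    rule['opts'] = opts
    return rule

# Options that narrow a match to specific traffic; a rule with none of these and an
# any/any -> any/any header fires on every packet of its protocol (assumed list).
NARROWING = {'content', 'uricontent', 'pcre', 'flow', 'flags', 'itype', 'dsize'}

def is_catch_all(rule):
    header_any = all(rule[k] == 'any' for k in ('src', 'sport', 'dst', 'dport'))
    return header_any and not (NARROWING & set(rule['opts']))

def lint_local_rules(text):
    """Return (line_no, msg) for each enabled catch-all rule in a local.rules body."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule and is_catch_all(rule):
            findings.append((n, rule['opts'].get('msg', '<no msg>')))
    return findings

# Constructed sample: the reply's test rules, one disabled, plus a narrowed ICMP rule.
SAMPLE = """\
# test rules, disable after ACID shows alerts
alert ip any any -> any any (msg:"Got an IP packet";)
#alert tcp any any -> any any (msg:"Got an TCP packet";)
alert icmp any any -> any any (msg:"ICMP echo"; itype:8;)
alert tcp any any -> any any (msg:"Got an TCP packet";)
"""

if __name__ == '__main__':
    for n, msg in lint_local_rules(SAMPLE):
        print(f"line {n}: catch-all rule still enabled: {msg}")
```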
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Cilin
Sent: Friday, April 18, 2003 12:57 PM
To: snort-users at lists.sourceforge.net
I just set up Snort as a service and all the juicy
programs along with it. When I open acid_main.php
I have no evidence of any intrusion (everything is 0).
Do you guys know a program or a way I can generate an
alert so I can test to see if my configuration works?
Also, would a port scan be considered an alert? I
tried scanning from a home network but no alerts were
detected. I am blaming this on the network switch
rather than the alert problem.
Thanks for any input in advance,
"Knowing others is wisdom, knowing yourself is Enlightenment." -Lao Tzu