[Snort-users] MySql-Acid logging

Elvira_Byrnes at ...8560... Elvira_Byrnes at ...8560...
Tue Apr 22 20:13:43 EDT 2003


Hi there

I followed your instructions Michael. I still don't have any reports. What
else can I check?

Thanks a lot.

Elvira

-----Original Message-----
From: Michael Steele [mailto:michaels at ...155...]
Sent: Saturday, 19 April 2003 6:36 AM
To: 'Cilin'
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] MySql-Acid logging


Cilin,

Drop these into your local.rules. They will trigger on everything. I wouldn't
leave them on for too long as they will fill the database up very quickly.
Be sure to restart Snort after you add them. To disable them, place a hash
mark in front of them and be sure to restart Snort.

alert ip any any -> any any (msg:"Got an IP packet";)
alert tcp any any -> any any (msg:"Got an TCP packet";)
alert udp any any -> any any (msg:"Got an UDP packet";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)

BTW, I posted this exact same reply yesterday.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels at ...155...    
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Cilin
Sent: Friday, April 18, 2003 12:57 PM
To: snort-users at lists.sourceforge.net

Hi guys, 

I just set up Snort as a service and all the juicy
programs along with it. When I open the acid_main.php
I have no evidence of any intrusion (everything is 0).
Do you guys know a program or a way I can generate an
alert so I can test to see if my configuration works?

Also, would a port scan be considered an alert? Because
I tried scanning from a home network but no alerts were
detected. I am blaming this on the network switch
rather than the alert problem.

Thanks for any input in advance,


=====
"Knowing others is wisdom, knowing yourself is Enlightenment." -Lao Tzu



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
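
Added example, not part of the original thread: a Python check that scans a local.rules file for match-everything test rules like the four Michael posted and reports whether each one is still enabled, since he warns they fill the database very quickly. The sample rules text and the function names are constructed for illustration.

```python
import re

# Snort rule header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?P<action>alert|log|pass|activate|dynamic)\s+'
    r'(?P<proto>ip|tcp|udp|icmp)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?:->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')

# Options that label a rule but do not narrow which packets it matches.
METADATA_OPTS = {"msg", "sid", "rev", "classtype", "reference", "priority"}

def option_keywords(opts):
    """Return the option keywords, splitting on ';' outside double quotes."""
    keys, buf, quoted = [], "", False
    for ch in opts + ";":
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            if buf.strip():
                keys.append(buf.split(":", 1)[0].strip())
            buf = ""
        else:
            buf += ch
    return keys

def catch_all_rules(text):
    """Return (line_no, enabled, proto) for every rule that matches all traffic."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, plain comment, or something that is not a rule
        wide = all(m.group(g) == "any" for g in ("src", "sport", "dst", "dport"))
        narrowing = [k for k in option_keywords(m.group("opts"))
                     if k not in METADATA_OPTS]
        if wide and not narrowing:
            found.append((no, m.group("off") is None, m.group("proto")))
    return found

# Constructed sample local.rules: test rules from the thread plus two narrower ones.
SAMPLE = '''# local.rules (constructed sample)
alert ip any any -> any any (msg:"Got an IP packet";)
#alert tcp any any -> any any (msg:"Got an TCP packet";)
alert tcp any any -> any 80 (msg:"web hit";)
alert udp any any -> any any (msg:"dns probe"; content:"|00 01|";)
alert icmp any any -> any any (msg:"Got an ICMP packet";)
'''

if __name__ == "__main__":
    for no, enabled, proto in catch_all_rules(SAMPLE):
        print(f"line {no}: catch-all {proto} rule is {'ENABLED' if enabled else 'disabled'}")
```
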




