[Snort-users] conflict with alert types
jordivi at ...10666...
Tue Dec 2 08:01:02 EST 2003
I've just installed snort and playing with config files. I have a
question I hope someone can tell me what I'm doing wrong.
I set up a rule to alert via SMB but it conflicts with standard
In my local.rules file I wrote:
output alert_smb: /etc/snort/smbalerthosts
smbalert tcp $HOME_NET any <> any any
Then, if I start snort, this rule works fine but no other alerts are
dumped to /var/log/snort/alert, even the file are not created at startup.
If I launch snort with "-A full" the alert file works fine but the rule
for SMB alerts dont.
I start snort like this:
/usr/local/snort/bin/snort -c /etc/snort/snort.conf -b -l /var/log/snort -D
snort is version 2.0.5 and the last rulesets,
More information about the Snort-users