[Snort-users] HI

twig les twigles at ...131...
Fri Jan 17 08:22:02 EST 2003

[Snort-users] How to get an answer to your question. 
 Forum:   SecurePoint - Snort mailing list archive 
 Date:      Jan 11, 11:01 
 From:      Erek Adams <erek at ...950...> 

Many times on this list (and other lists as well), I
see people ask a
question which generates _no_ responses.  Then in a
few days, you see a
very terse email from the original poster with "Since
I got no responses,
I'm asking again...".  Folks, it's not hard to get a
response--It's hard
to get a useful question!

Here are a few pointers on "How to ask your question
and get a useful
response" for folks on this list (and others).  Don't
be scared to post!
Just try to help _us_ help _you_!

1)   What OS and version?  Patches?  Service Packs?
2)   What version of Snort?  Build number?
3)   Built from tarball or a pre-packaged binary?
4)   Where did you get the source or binary from? 
Main site?  Mirror?
5)   Don't crosspost.
6)   Cut and paste error messages.  Don't send the
entire Snort startup
output, just send the error message and the 10-15
lines above it.
7)   Did you search the message archives [0] for your
message, or something similar?
8)   Did you read README, INSTALL, and BUGS inside the
tarballs /docs
9)   Did you read the man page?
10)  Did you read the Online users manual [1]?
11)  Did you look at the _ENTIRE_ FAQ [2]?
12)  Did you try Google?
13)  Did you write an accurate description of the
problem?  "When starting
Snort under a chroot jail, it fails upon opening of
the rules file."
14)  Do you realize no one is getting paid for this? 
Your boss might be
yelling at you, but we're (snort-users folks) doing
this out of the
goodness of our hearts so don't yell at us.

(For some more things 'not to do' have a look at the
Snort-Users drinking
game [3].  It's not mandatory, but it does give you an
idea of some of the
'not so good' things that are seen on the list.)

Above all:  Check the docs, archives and FAQ first. 
You might be able to
answer your own question right then!  No waiting
overnight or over the
weekend...  :)


Erek Adams

   "When things get weird, the weird turn pro."   H.S.

[1] http://www.snort.org/docs/writing_rules/
[2] http://www.snort.org/docs/faq.html  and in /docs
(from the
source tarball)


<ANTONIO.GUTIERREZ at ...7780...> wrote:
> i need help. i'm using snort 1.9, i loose 9 hour of
> alerts, i have to
> stop and start snort for it to start collecting
> agin, is there any issue
> with snort do this?
> Antonio Gutierrez
> Gutierra at ...7781...
> System Support specialist.
> 13000 Wm. Dodson Plwiy
> Farmers Branch, TX 75234
> 972-9192565

Know yourself and know your enemy and you will never fear defeat.         

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

More information about the Snort-users mailing list