Erek Adams erek at ...950...
Sat Jul 5 12:57:13 EDT 2003

On Sat, 5 Jul 2003, Andre Cameron wrote:

> Hmm which GUI do you recommend?

Well, that's the weird thing.  I'm a "do it yourself" and "command line"
kinda guy.  I manually edit my config files and rulesets, push them out
over an encrypted rsync and then use 'root-tail' on my workstation to keep
an eye on what's going on.  I'm in the process of building a comparison
setup for sguil [0] and ACID to see how they compare.

As for recommend... I recommend you do it yourself for a bit so that you
actually _understand_ what's going on behind the GUI.  That way when you
have some odd error pop up like this, you'll know that Snort isn't at
fault.  But that's my opinion, not a rule.

If you want the GUI for everything, I'd suggest you try them all.
Eventually, you'll find one that works well for you.

> I don't use auto blocking because too many false positives can block
> internal IPs which can have bad results.  I just wanted to look into it.
>  I was more interested with a firewall that had a centralized block list
> so that when I update one it updates all versus manually going through
> and adjusting all the firewalls.

Then I'd again suggest SnortSam.  It integrates well with multiple types
of firewalls and is cluefully designed.  Pick the firewall that it
supports that you know/want to learn.

> Thanks for the help:)

No problem.  That's the goal of this forum!


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://sguil.sf.net/

