[Snort-users] packet logging

cc cc at ...9707...
Wed Jul 23 00:09:04 EDT 2003


I'm new to snort and am finding it to be quite a
difficult app to understand.

I do have a basic setup done and just upgraded
to 2.0.1.  I have it logging to a log directory.

I'm just testing snort right now and was wondering if someone
could tell me if the following rule is wrong:

alert tcp any any -> $LAN any ( content: "GET /banner/"; \
                                msg: "banner test";)

It's in the myrules.rules file and is included in the
snort.conf file.

If a user from a workstation goes to a website and the
website sends a banner, shouldn't there be a log?


email: cc at ...9707...  | "A man who knows not where he goes,
                         |  knows not when he arrives."
                         |                - Anon
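
Added example, not part of the original post: a simplified Python model of how a one-way "->" rule header plus a content match is evaluated, run against a constructed request and response for a banner fetch. It assumes $LAN is the workstation network (the post does not define it); the addresses, the Packet/Rule types and the second rule with the header reversed are illustrative, not Snort's own code.

```python
import ipaddress
from collections import namedtuple

# Assumption: $LAN is the internal workstation network (value constructed here).
LAN = ipaddress.ip_network("192.168.1.0/24")

Packet = namedtuple("Packet", "src sport dst dport payload")
Rule = namedtuple("Rule", "src dst content msg")  # ports are "any" in both rules

def addr_matches(spec, ip):
    """'any' matches everything; '$LAN' matches addresses inside LAN."""
    return spec == "any" or (spec == "$LAN" and ipaddress.ip_address(ip) in LAN)

def rule_fires(rule, pkt):
    """Simplified model of a one-way '->' rule: header must match, then content."""
    return (addr_matches(rule.src, pkt.src)
            and addr_matches(rule.dst, pkt.dst)
            and rule.content in pkt.payload)

# Constructed sample traffic: a workstation fetches a banner from a web server.
request = Packet("192.168.1.20", 40000, "203.0.113.5", 80,
                 b"GET /banner/ad.gif HTTP/1.0\r\n\r\n")
response = Packet("203.0.113.5", 80, "192.168.1.20", 40000,
                  b"HTTP/1.0 200 OK\r\nContent-Type: image/gif\r\n\r\nGIF89a")

posted = Rule("any", "$LAN", b"GET /banner/", "banner test")    # any -> $LAN
outbound = Rule("$LAN", "any", b"GET /banner/", "banner test")  # $LAN -> any

def fired(rule):
    """Names of the sample packets on which the rule would alert."""
    return [name for name, pkt in (("request", request), ("response", response))
            if rule_fires(rule, pkt)]

if __name__ == "__main__":
    print("any -> $LAN :", fired(posted))
    print("$LAN -> any :", fired(outbound))
```

Under that assumption the "GET /banner/" string travels away from $LAN inside the workstation's request, so only a header whose destination side covers the web server can match it.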
