[Snort-users] Snort - Logsurfer examples

Matt Howell mhowell at ...9084...
Thu May 1 15:01:09 EDT 2003


Due to a high volume of redundant alerts from swatch, I am finally
committing to setting up logsurfer. I have looked at the examples
available at:

ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/config-examples/emf/snort.txt

I have seen many people making suggestions toward using logsurfer, but
from my searching of the list, I have not seen any posts of good rules. 
Can someone post a more verbose rule set?

I am new to the regex shorthand so I am trying to "learn through
example."  I also figured enough people are out there using it that
perhaps a discussion about the logsurfer rules might be beneficial...

TIA,

-Matt




