[Snort-users] Question regarding creating rules in Snortcenter ...

Michael Chapman MChapman at ...10754...
Thu Feb 12 09:35:12 EST 2004


This is on RedHat 9.0, with Snort 2.0.6 and the usual complement of
MySQL and ACID.  The rules I am trying to create using the interface in
Snortcenter don't seem to be active or locatable, for that matter.  Bear
with my ignorance here, but I thought that these rules would normally
get put into the local.rules file, yet no entries appear there when I
create a rule.  I do see them in the Snortcenter interface when I look
at the rules, which leads me to believe that the rules are in the SQL
database.  Is this a correct assumption?  If so, are the Snortcenter
interface and/or direct MySQL intervention the only ways to verify that
a rule is there?  Secondly, if the rule does exist, why am I not seeing
hits for it?

For example, I created a rule which just does nothing but alert on TCP
8987 (a port that only I am using for an app.)  I can clearly see other
traffic to and from the host that has that port active, but I do not see
any alerts.  I have activated the rule per the instructions on the
Snortcenter site, with green lights all around.

Am I being ignorant, or is there something I'm missing?  If I should
just re-RTFM, then please say so!

Thanks in advance!

Michael
