[Snort-users] ACID

Michael Steele michaels at ...9077...
Thu Feb 12 18:01:06 EST 2004


Create a file called test.rules and insert the 3 rules below in that file
and save it to your /rules folder. Now in your snort.conf add a new include
line at the bottom for "test.rules". Now restart Snort and generate some
browser traffic and you should see all kinds of alerts in ACID being
generated.

Be sure to hash (#) out the new include line after the test is successful or
you will fill your database up. Be sure to restart Snort after you hash the
line out.

Test Rules: 

alert tcp any any -> any any (msg:"Alert: Got a TCP Packet";) 
alert udp any any -> any any (msg:"Alert: Got a UDP Packet";) 
alert icmp any any -> any any (msg:"Alert: Got a ICMP Packet";) 


Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: Oliver [mailto:quemit at ...131...]
> Sent: Monday, February 09, 2004 4:58 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] ACID
> 
> 
> Installed ACID on Linux9. It look as if my Snort is functioning
> properly.
> My ACID web view is not displaying any events happening. I've
> performed a couple of scans inside my network, still nothing is
> showing up on ACID. I've checked my snort.conf, it looks correct to
> me. Oh, by the way I'm new at this.
> Any suggestion?
> Thx
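The procedure in the reply (write the three catch-all rules to test.rules, add the include line, test, then hash the include line out again) as a small set of shell functions. This is an added example and not code from the post or from WINSNORT.com; it assumes a Unix-style layout where snort.conf defines a `RULE_PATH` variable and the rules directory is writable, and the paths in `SNORT_CONF` and `RULES_DIR` are assumptions to adjust for your install. Restarting Snort after each change is still done by hand, as the post says.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes snort.conf defines
# RULE_PATH and that $RULE_PATH is the directory named in RULES_DIR below.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"   # assumed path
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"          # assumed path
INCLUDE_LINE='include $RULE_PATH/test.rules'

# Write the three catch-all test rules from the post into test.rules.
# These match every TCP, UDP and ICMP packet, so they are only for
# proving that Snort -> database -> ACID works, never for production.
write_test_rules() {
    cat > "$RULES_DIR/test.rules" <<'EOF'
alert tcp any any -> any any (msg:"Alert: Got a TCP Packet";)
alert udp any any -> any any (msg:"Alert: Got a UDP Packet";)
alert icmp any any -> any any (msg:"Alert: Got a ICMP Packet";)
EOF
}

# Return 0 if the test include is active (not hashed out), 1 otherwise.
test_rules_active() {
    grep -Fqx "$INCLUDE_LINE" "$SNORT_CONF"
}

# Activate the include line exactly once: first un-hash a previously
# commented copy, then append the line only if it is still missing.
enable_test_rules() {
    tmp="$SNORT_CONF.tmp.$$"
    sed 's|^# *include \$RULE_PATH/test\.rules$|include $RULE_PATH/test.rules|' \
        "$SNORT_CONF" > "$tmp" && mv "$tmp" "$SNORT_CONF"
    test_rules_active || printf '%s\n' "$INCLUDE_LINE" >> "$SNORT_CONF"
}

# Hash (#) the include line out again so the catch-all rules stop
# filling the alert database; the rules file itself is left in place.
disable_test_rules() {
    tmp="$SNORT_CONF.tmp.$$"
    sed 's|^include \$RULE_PATH/test\.rules$|# &|' \
        "$SNORT_CONF" > "$tmp" && mv "$tmp" "$SNORT_CONF"
}
```

Source the file, run `write_test_rules` and `enable_test_rules`, restart Snort and generate some browser traffic; once ACID shows the alerts, run `disable_test_rules` and restart Snort again. Both enable and disable are idempotent, so running them twice never leaves a second include line behind.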

