michaels at ...9077...
Thu Feb 12 18:01:06 EST 2004
Create a file called test.rules and insert the 3 rules below in that file
and save it to your /rules folder. Now in your snort.conf add a new include
line at the bottom for "test.rules". Now restart Snort and generate some
browser traffic and you should see all kinds of alerts in ACID being
Be sure to hash (#) out the new include line after the test is successful or
you will fill your database up. Be sure to restart Snort after you hash the

alert tcp any any -> any any (msg:"Alert: Got a TCP Packet";)
alert udp any any -> any any (msg:"Alert: Got a UDP Packet";)
alert icmp any any -> any any (msg:"Alert: Got a ICMP Packet";)

The WINSNORT.com Management Team
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support at ...9077...
Snort: Open Source Network IDS - http://www.snort.org
> -----Original Message-----
> From: Oliver [mailto:quemit at ...131...]
> Sent: Monday, February 09, 2004 4:58 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] ACID
> Installed ACID on Linux9. It looks as if my Snort is
> My ACID web view is not displaying any events happening. I've
> performed a couple of scans inside my network, still nothing is
> showing up on ACID. I've checked my snort.conf, it looks correct to
> me. Oh, by the way I'm new at this.
> Any suggestion?