[Snort-users] ACID

Scott Elgram SElgram at ...10477...
Tue Feb 24 06:59:39 EST 2004


Hello,
    I have installed Snort just like you have and received a similar result
once I got it running.  The reason for this was because I had not set any
rules for snort and thus it did not do anything.  In order to see if it was
actually running and to play around with it I simply added two rules that
would cause an alert for any type of traffic.

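# Fires on every IP packet Snort sees
alert ip any any -> any any (msg:"IP Packet Detected"; sid:1000001; rev:1;)
# Fires on any ICMP traffic, such as a ping to the monitored interface
alert icmp any any -> any any (msg:"Ping!"; sid:1000002; rev:1;)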

The first rule will get triggered by any packet snort sees.  If there is
traffic on your network it should show ip in ACID.  The second will show up
when you ping the interface that snort is monitoring.  I used this because I
was testing on a closed network that had no traffic.

**IMPORTANT:  You MUST remember to delete these two rules once you have
finished playing and have implemented snort on your network.  Otherwise it
will fill your hard drive with meaningless alerts.

-Scott Elgram

----- Original Message ----- 
From: "Fred McFeeters" <nfolink at ...125...>
To:
<Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco at ...11222...>;
<snort-users at lists.sourceforge.net>
Sent: Monday, February 23, 2004 10:12 AM
Subject: RE: [Snort-users] ACID


> Have you checked that snort is logging to the db? And that acid has
> connection to that db?
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
> Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco at ...11222...
> Sent: Monday, February 23, 2004 11:39 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] ACID
>
> Hi, I installed snort, php, acid, mysql and apache in RH9. The installation
> was complete and I can see the ACID page like in the manual's example, but
> the page does not have activity.
> Do I have to do something else?
> Thanks
>
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
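
As an added example (not code from the thread or from the Snort project): a small check that scans a rules file for active catch-all test rules like the two above, so they can be found and removed before Snort goes into production. The function names, the partial NARROWING list and the sample rules are assumptions made for this illustration.

```python
import re

# Rule header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r'^\s*(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# Options that restrict what a rule matches (partial list, assumed for this example)
NARROWING = {"content", "uricontent", "pcre", "flags", "flow", "dsize",
             "itype", "icode", "ip_proto", "ttl"}

def parse_options(body):
    """Split an option body on ';' outside double quotes -> {keyword: value}."""
    opts, buf, quoted, prev = {}, "", False, ""
    for ch in body:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch == ";" and not quoted:
            key, _, val = buf.partition(":")
            if key.strip():
                opts[key.strip().lower()] = val.strip().strip('"')
            buf = ""
        else:
            buf += ch
        prev = ch
    return opts

def find_catch_all(rules_text):
    """Return (line_no, msg) for each active rule that matches all traffic."""
    hits = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are inactive
        m = RULE_RE.match(line)
        if not m:
            continue
        _action, _proto, src, sport, _dir, dst, dport, body = m.groups()
        opts = parse_options(body)
        if [src, sport, dst, dport] == ["any"] * 4 and not NARROWING.intersection(opts):
            hits.append((no, opts.get("msg", "")))
    return hits

# Constructed sample rules file, not taken from a real deployment
SAMPLE = '''# local.rules (constructed sample)
alert ip any any -> any any (msg:"IP Packet Detected"; sid:1000001;)
alert icmp any any -> any any (msg:"Ping!"; sid:1000002;)
#alert tcp any any -> any any (msg:"disabled"; sid:1000003;)
alert tcp any any -> any 80 (msg:"web admin path"; content:"/admin"; sid:1000004;)
alert tcp any any -> any any (msg:"marker; seen"; content:"|de ad|"; sid:1000005;)
'''

if __name__ == "__main__":
    for line_no, msg in find_catch_all(SAMPLE):
        print(f"line {line_no}: catch-all rule still active: {msg}")
```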
