[Snort-users] NEWBIE: rule writing walkthru?
wayne at ...12097...
Tue Jul 13 06:55:17 EDT 2004
I'm brand new to Snort. Know what it is capable of and want to play
with it but I'm having trouble getting out of the blocks. I'm reading
through the docs and it seems pretty straight forward but I would like
to find a walkthru/tutorial or something like that for rule writing.
I'm wanting to use Snort as both an IDS AND a web usage monitor.
I'm working with a state agency and money is...well...there is no money
to spend on a Netappliance machine or something of that ilk. I was
thinking that if Snort can detect intrusions it must also be able to do
the web usage thing given the correct rule.
MCP, GSEC, GCIH pending
More information about the Snort-users