[Snort-users] NEWBIE: rule writing walkthru?

shashank.joshi at ...12070... shashank.joshi at ...12070...
Wed Jul 14 08:41:41 EDT 2004

Snort manual...nothing else required for rules info

Good luck!


"It's difficult to improve perfection !"

"Wayne Fielder" <wayne at ...12097...> 
Sent by: snort-users-admin at lists.sourceforge.net
07/13/2004 07:24 PM

Please respond to
wayne at ...12097...

snort-users at lists.sourceforge.net

[Snort-users] NEWBIE: rule writing walkthru?

Greetings all,

    I'm brand new to Snort.  Know what it is capable of and want to play
with it but I'm having trouble getting out of the blocks.  I'm reading
through the docs and it seems pretty straight forward but I would like
to find a walkthru/tutorial or something like that for rule writing.

    I'm wanting to use Snort as both an IDS AND a web usage monitor. 
I'm working with a state agency and money is...well...there is no money
to spend on a Netappliance machine or something of that ilk.  I was
thinking that if Snort can detect intrusions it must also be able to do
the web usage thing given the correct rule.

Wayne Fielder
MCP, GSEC, GCIH pending

This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040714/f09c6bdb/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: InterScan_Disclaimer.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040714/f09c6bdb/attachment.txt>

More information about the Snort-users mailing list