[Snort-users] Problem with the -o option

Kaplan, Andrew H. AHKAPLAN at ...10063...
Fri Nov 5 07:54:30 EST 2004


Hi there --

I am trying to use a policy-based.rules file and am running Snort 2.1.3 with
the -o option. The problem is, several servers that are listed with pass rules
specific to them seem to be ignored by the sensor and are generating an
inordinate amount of alerts in the database. I have several questions
concerning this:

1. When listing the -o option, do I need to include the full path to the
policy-based.rules file similarly to how it is done for the -c snort.conf file?

2. The pass rules all have the <> operand between every instance of the source
and destination. Is there anything else I need to do within the file?
