[Snort-users] Problem getting a snort rule to work

Pennell, Ronald B. rpennell at ...13261...
Thu Apr 14 06:00:14 EDT 2005


I'm extremely new to snort and have been trying to get a simple snort
rule to work.

 

I'm task with grabbing an alert for every email message that is going
outbound from my organization.

 

I've tried using the following local rule:

 

Alert tcp $SMTP_NET --> any 25

 

Alert udp    "                    "     "

 

Alert tcp $HOME_Net      "   "

 

When I check the acid viewer, I see no traffic at all.

 

Any help would be greatly appreciated.

 

Ron Pennell

rpennell at ...13261...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050414/980ef884/attachment.html>


More information about the Snort-users mailing list