[Snort-users] Snort 2.2.0 ruletype not working

Sudom, Don dsudom1 at ...12658...
Fri Feb 25 05:54:14 EST 2005


I am unsuccessfully trying to get the ruletype method to work as

ruletype auditlog
  type alert
  output alert_syslog:  LOG_AUTH LOG_INFO
  output log_null

auditlog icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING *NIX";
itype:8; content:"|10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F|";

I have disabled the corresponding alert rule in the icmp-info.rules
file.  If I re-enable the rule in the icmp-info.rules file it is picked
up as an alert (as expected).  If I disable it in icmp-info.rules and
enable it in local.rules, no log is generated.

Is this a bug, as I cannot make any of the output plugins work within
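For comparison, here is a complete Snort 2.x ruletype declaration and a rule that uses it. This is an added example, not the poster's configuration: in Snort 2.x the body of a ruletype is enclosed in braces, and the declaration has to appear in snort.conf before any rule that references it, because the configuration and rule files are parsed in order. The sid, rev, depth and classtype values below are constructed placeholders, not taken from the original post.

```snort
# Added example (not from the original post): a Snort 2.x ruletype whose
# body is enclosed in braces. Place this in snort.conf before the
# "include $RULE_PATH/local.rules" line so the action name exists when
# the rule is parsed.
ruletype auditlog
{
  type alert
  output alert_syslog: LOG_AUTH LOG_INFO
  output log_null
}

# local.rules, included from snort.conf after the ruletype above.
# The rule uses the custom action "auditlog" in place of "alert".
# sid 1000001 / rev 1 are constructed placeholders in the local
# (>= 1000000) SID range; depth and classtype are assumptions.
auditlog icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING *NIX"; \
    itype:8; content:"|10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F|"; \
    depth:32; classtype:misc-activity; sid:1000001; rev:1;)
```

Run `snort -T -c /etc/snort/snort.conf` after editing: test mode parses the configuration and rules, reports any syntax error (including an unknown action name or an unterminated ruletype block) and exits, so a silent "no log is generated" can be separated from a rule that never loaded. With `type alert` the rule goes through the listed alert plugins only; `output log_null` suppresses the packet log, so the expected evidence is a syslog line under the auth facility, not a file in the Snort log directory.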
