[Snort-users] New Snort 2.2 Rules
eric.hines at ...8860...
Wed Sep 14 13:34:31 EDT 2005
I would recommend going over to your Snort sensor and making sure none
of the rules you downloaded (bleeding-edge?) etc. broke Snort. Run a ps
listing and make sure Snort did not fail on restart. To get a verbose
output in the case that it is failing due to something in the snort.conf
or rulesets, run it from the command line in verbose mode:

snort -c /path/to/snort.conf -v

Eric Hines, GCIA, CISSP
Applied Watch Technologies, LLC
1095 Pingree Road
Crystal Lake, IL 60014
Toll Free: (877) 262-7593
"Enterprise Snort Management"
On Wed, 2005-09-14 at 15:26 -0500, Walt Rich wrote:
> I updated the Snort rules to the latest available on SourceForge's
> site. They were quite out of date, and almost a year old. Snort is up
> and running, but has become very quiet! It used to detect a lot of
> false positives, which were a pain, but at least I knew it was
> working. Now it is very, very quiet, and hasn't detected anything in
> over 2 hours. Is it possible that the rule writers have become so
> good that the detection of false positives has been almost eliminated?
> Has anyone else experienced anything similar? Any input is greatly
> | Walt Rich | Sr. Network
> Engineer | Parago, Inc. |
> 972.538.7253 | walt.rich at ...12648...
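
Added example, not part of the original messages: the two checks from the reply above (a ps listing, then loading snort.conf from the command line) as one script. It assumes the binary is on PATH as `snort`, and it uses Snort's `-T` self-test switch, which the post does not mention, so that Snort exits after parsing the configuration and rules instead of starting to sniff.

```shell
#!/bin/sh
# Added example: post-rule-update health check for a Snort sensor.
# Assumptions: the binary is called "snort" and is on PATH; the path to
# snort.conf is supplied by the operator (SNORT_CONF or first argument).

# snort_running: succeeds if the ps listing contains a process whose command
# name is exactly "snort" (a leading directory path is ignored).
snort_running() {
    ps -e -o comm= | awk '
        { n = split($1, part, "/"); if (part[n] == "snort") found = 1 }
        END { exit found ? 0 : 1 }'
}

# config_loads CONF: run Snort in self-test mode. Snort parses snort.conf and
# every rules file it includes, then exits non-zero if anything is rejected.
# Its messages go to stderr so the operator sees the offending file and line.
config_loads() {
    snort -T -c "$1" >&2
}

# check_sensor CONF: print one status word and return non-zero on a problem.
#   no-config     the configuration file is missing or unreadable
#   config-error  snort.conf or a ruleset fails to load
#   not-running   the configuration is fine but no Snort process exists
#   ok            configuration loads and a Snort process is present
check_sensor() {
    conf=$1
    if [ ! -r "$conf" ]; then echo "no-config"; return 2; fi
    if ! config_loads "$conf"; then echo "config-error"; return 1; fi
    if ! snort_running; then echo "not-running"; return 1; fi
    echo "ok"
}

# Stand-alone use: SNORT_CONF=/path/to/snort.conf sh check_snort.sh
if [ -n "${SNORT_CONF:-}" ]; then
    check_sensor "$SNORT_CONF"
fi
```

A result of `ok` only shows that the sensor started and accepted the rules; it does not show that any enabled rule matches the traffic on the wire.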