[Snort-users] New Snort 2.2 Rules

Eric Hines eric.hines at ...8860...
Wed Sep 14 13:34:31 EDT 2005


I would recommend going over to your Snort sensor and making sure none
of the rules you downloaded (bleeding-edge?), etc. broke Snort. Run a ps
listing and make sure Snort did not fail on restart. To get verbose
output in case it is failing due to something in the snort.conf
or rulesets, run it from the command line in verbose mode:

    snort -c /path/to/snort.conf -v


Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road
Suite 213
Crystal Lake, IL 60014
Web: http://www.appliedwatch.com
Toll Free: (877) 262-7593
"Enterprise Snort Management"

On Wed, 2005-09-14 at 15:26 -0500, Walt Rich wrote:
> I updated the Snort rules to the latest available on SourceForge's
> site.  They were quite out of date, and almost a year old.  Snort is up
> and running, but has become very quiet!  It used to detect a lot of
> false positives, which were a pain, but at least I knew it was
> working.  Now it is very, very quiet, and hasn't detected anything in
> over 2 hours.  Is it possible that the rule writers have become so
> good that the detection of false positives has been almost eliminated?
> Has anyone else experienced anything similar?  Any input is greatly
> appreciated.
> Thanks! 
> ___________________________________
> | Walt Rich | Sr. Network Engineer | Parago, Inc. |
> 972.538.7253 | walt.rich at ...12648... |
