[Snort-users] does not work local.rules

info+lucretia.ca info at ...2282...
Tue Aug 8 19:56:45 EDT 2006


Also make sure your snort.conf is actually looking at your local.rules.

This is commented out by default.

Cheers,

James Friesen, CIO
Lucretia Enterprises
Our World Is Here
info at lucretia dot ca
http://lucretia.ca


> -----Original Message-----
> From: snort-users-bounces at lists.sourceforge.net
> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf
> Of Lorine Ruotolo
> Sent: Tuesday, August 08, 2006 1:54 PM
> To: repniksz at ...13889...; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] does not work local.rules
>
>
> I think ! may not be allowed in regular text within the rule
> because it is the NOT character.  You can use escape or hex
> forms of it, not sure what they are off the top of my head though.
>
> >From: repniksz at ...13889...
> >To: snort-users at lists.sourceforge.net
> >Subject: [Snort-users] does not work local.rules
> >Date: Tue, 8 Aug 2006 15:34:09 +0200
> >
> >Hi,
> >I've made a very simple rule in my local.rules:
> >alert tcp any any -> any 8080 ( msg: "Own"; content:
> "Hello!!!!"; ) and
> >after that i've watched a file in my browser on 8080 port, and i did
> >not get any alert.
> >The local.rules is in my snort.conf .
> >What is wrong?
>
>
> >-------------------------------------------------------------
> ----------
> >-- Using Tomcat but need to do more? Need to support web services,
> >security?
> >Get stuff done quickly with pre-integrated technology to
> make your job
> >easier Download IBM WebSphere Application Server v.1.0.1 based on
> >Apache Geronimo
> >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057
> &dat=12164
> >2
>
>
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today
> - it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
> --------------------------------------------------------------
> -----------
> Using Tomcat but need to do more? Need to support web
> services, security?
> Get stuff done quickly with pre-integrated technology to make
> your job easier Download IBM WebSphere Application Server
> v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&
dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>






More information about the Snort-users mailing list