[Snort-users] Problem with rule

Nick Moore nmoore at ...1935...
Mon Nov 23 07:06:51 EST 2009


Can you send the Snort-users list a snip of the /var/log/snort/alert  
file so we can see which alerts are firing and attach a copy of your  
snort.conf? Others may know what is causing you trouble with the  
information given, but I need a little more help.

Also, if you could print the icmpv6 rule and send a pcap of the  
traffic you were expecting to alert, that would help me as well.


Sent from my mobile device.

Nick Moore
Phone 708-336-9041
Email nmoore at ...14707...

On Nov 23, 2009, at 3:36, sofia insat <sofia.insat at ...1855...> wrote:

> Hi everyone,
> I have defined a rule to alert an icmpv6 traffic
> but when I display /var/log/snort/alert I didn't find this alert and  
> I found other alert whereas I have one path rule in snort.config  
> (include $RULE_PATH/icmpv6.rules)
> Do you have any idea to resolve my problem??
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008  
> 30-Day
> trial. Simplify your report design, integration and deployment - and  
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091123/75d9d03e/attachment.html>

More information about the Snort-users mailing list