[Snort-users] Are the rules not being read?

Eric Zheng zhengeric at ...125...
Mon Apr 26 03:18:41 EDT 2010


I have set up snort successfully and I can get it to read pings to websites and scan packets.  However, I am testing out the chat rules which should trigger an alert whenever I sign onto MSN or Yahoo but it does not seem to do anything whenever I sign in and talk to people.  I have it enabled in snort.conf (took away the # sign) and see that chat.rules is in the rules directory.  Anyone know any possible causes of this?  Thank you.

PS:  I'm also getting a lot of 1384 "malformed advertisement" alerts which I believe to be false positives.  Any way to correct this?  Thanks.
 		 	   		  
_________________________________________________________________
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100426/83d5bdbe/attachment.html>


More information about the Snort-users mailing list