[Snort-users] Are the rules not being read?

Eric Zheng zhengeric at ...125...
Mon Apr 26 03:18:41 EDT 2010

I have set up snort successfully and I can get it to read pings to websites and scan packets.  However, I am testing out the chat rules which should trigger an alert whenever I sign onto MSN or Yahoo but it does not seem to do anything whenever I sign in and talk to people.  I have it enabled in snort.conf (took away the # sign) and see that chat.rules is in the rules directory.  Anyone know any possible causes of this?  Thank you.

PS:  I'm also getting a lot of 1384 "malformed advertisement" alerts which I believe to be false positives.  Any way to correct this?  Thanks.
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100426/83d5bdbe/attachment.html>

More information about the Snort-users mailing list