[Snort-users] Question about rules

Ricardo Barbosa ricardobarbosams at ...6873...
Wed Jan 27 00:52:08 EST 2010

Hello I am entering the world of IPs and began to test and learn
snort, but I have a question about creating rules. I
I was reading the snort manual in PDF file and has a chapter of
writing rules, following the documentation I created a rule as

alert tcp any any -> 80 (content:"test_rule"; msg: "TEST 

assembled a network with virtualbox with the following topology <---> (.1) snort (.1) <---> 

I put a web server (apache) on and created the following html
<h1> teste_rule</h1> 

and from the machine try to access this page through snort,
looking at the above rule should not generate an alert in the
file /var/log/snort/alert??

Can someone help me where I'm missing?


Fao?=a ligao?=o?=es para outros computadores com o novo Yahoo! Messenger 

More information about the Snort-users mailing list