[Snort-users] Testing Snort

Heine Lysemose lysemose at ...11827...
Sun Mar 4 13:43:11 EST 2012


Try adding this to your local.rules

alert tcp any any <> any 80 (msg: "Test rule"; sid: 1000001;)

And start browsing a webpage.

Or try browsing to, http://testmyids.com

On Mar 4, 2012 7:19 PM, "Amit B" <amn0p at ...14399...> wrote:

> I have a few sensors that are sending alerts and a few not alerting at
> all. Is there a way of running certain tests to make sure Snort is running
> properly. I am aware of command line switch option to check on
> configuration but I want to tip off a few rules, so rules deliberately. Can
> you please suggest.
> Thanks,
> Ams
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120304/3adfd2c8/attachment.html>

More information about the Snort-users mailing list