[Snort-users] @empty rules files
banagha3 at ...11827...
Thu Nov 14 05:16:15 EST 2013
I tried to log the Snort response for an ICMP ping flood, but I had to add the following rule:
alert icmp any any -> any any (msg:"*ICMP test*"; classtype:bad-unknown; sid:10000016; rev:1;)
Barnyard is giving the following alerts:
11/14-15:22:01.905477 [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]
11/14-15:22:02.036260 [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]
11/14-15:22:02.037893 [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]
11/14-15:22:02.189336 [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]
The msg "*ICMP test*" is not displayed.
I checked, and rule files like ddos.rules and badtraffic.rules are empty.
Is it okay to have empty rule files? I am not getting a log inside
snort.log when I am not specifying a rule inside local.rules.
Or do I have to specify my rules inside these empty files? But I can include
my own file in snort.conf by writing my own rules, so why keep these empty
files? Or is the snort-snapshot for the rules not properly extracted?
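Barnyard2 prints "Snort Alert [gid:sid:rev]" in place of a rule's msg whenever the sid is missing from the sid-msg.map it loads (the `config sid_msg_map:` line in barnyard2.conf), so regenerating that map from local.rules is what makes the msg appear. The Python below is added here as an example and is not part of the original thread or of Snort/Barnyard2: it builds the map from rules text and reproduces the fallback; the rules are constructed samples, with the first being the poster's rule completed from the sid/rev shown in the barnyard output.

```python
import re

# Rules text, constructed for this example. The first rule is the poster's,
# completed with the sid/rev that the barnyard output shows ([1:10000016:1]);
# the rest are made-up local rules.
SAMPLE_RULES = """\
# local.rules (constructed sample)
alert icmp any any -> any any (msg:"*ICMP test*"; classtype:bad-unknown; sid:10000016; rev:1;)
alert tcp any any -> any 22 (msg:"Local SSH probe"; reference:url,example.invalid/ssh; sid:10000017; rev:2;)
# alert udp any any -> any 53 (msg:"commented out"; sid:10000018; rev:1;)
"""

_MSG = re.compile(r'\bmsg:\s*"((?:[^"\\]|\\.)*)"')
_SID = re.compile(r'\bsid:\s*(\d+)')
_REF = re.compile(r'\breference:\s*([^;]+);')
_GSR = re.compile(r'\[(\d+):(\d+):(\d+)\]')   # [gid:sid:rev] as barnyard2 prints it

def parse_rules(text):
    """Return {sid: (msg, [reference, ...])} for every active (uncommented) rule."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # comments and blank lines carry no sid
        sid, msg = _SID.search(line), _MSG.search(line)
        if not sid or not msg:
            continue                      # nothing to map without both sid and msg
        entries[int(sid.group(1))] = (msg.group(1), [r.strip() for r in _REF.findall(line)])
    return entries

def sid_msg_map(entries):
    """Render sid-msg.map in the v1 layout barnyard2 reads: 'sid || msg || ref || ref'."""
    rows = []
    for sid in sorted(entries):
        msg, refs = entries[sid]
        rows.append(" || ".join([str(sid), msg, *refs]))
    return "\n".join(rows) + "\n"

def resolve_alert(alert_line, entries):
    """Mimic barnyard2's lookup for gid 1: the mapped msg, or the 'Snort Alert' fallback."""
    m = _GSR.search(alert_line)
    if not m:
        return None
    gid, sid, rev = (int(x) for x in m.groups())
    if gid == 1 and sid in entries:
        return entries[sid][0]
    return f"Snort Alert [{gid}:{sid}:{rev}]"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(sid_msg_map(rules), end="")
    line = "11/14-15:22:01.905477 [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]"
    print(resolve_alert(line, {}))        # empty map -> Snort Alert [1:10000016:1]
    print(resolve_alert(line, rules))     # regenerated map -> *ICMP test*
```

Point barnyard2 at the generated file and restart it after every change to local.rules, since the map is read only at startup.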