[Snort-users] First time snorting ... ERROR: The dynamic detection library ...

waldo kitty wkitty42 at ...14940...
Tue Nov 19 15:30:37 EST 2013


On 11/19/2013 2:30 PM, Alan McKay wrote:
> Just a quick update - I have not had a chance until now to look at
> this - and the local test rules given are not triggering alerts but
> I'm not asking for further help just yet  - I'm going to dig into this
> a bit myself to see where I get.   I'm just bumping the thread with a
> quick update.

ok...

> I think first things first I'm going to get this daemonized and then
> figure out why those local rules are not being read because best I can
> tell that is my problem with those rules at this point.

FWIW: those rules will trigger on pretty much any traffic that snort sees... if 
they are not triggering at all, then your traffic may be packaged in some packet 
type...

are you using VLans?

> On Fri, Nov 15, 2013 at 12:15 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>> . if it was, then things are
>> working properly... if it was not, then we have to look deeper...
>>
>> ----- snip -----
>> #
>> # The rules in this file are only to test a snort installation to see if it is
>> # seeing any traffic at all. These rules should NOT be used all the time. Once
>> # tested and working, this rule file should be commented out in your snort.conf
>> # so that it is not used.
>> #
>> #------------------
>> # LOCAL TEST RULES
>> #------------------


-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list