[Snort-users] (no subject)

Mike Miller mike at ...16027...
Sun Feb 23 10:48:24 EST 2014


I'll run snort twice. Once without the -D (daemon) flag, and one with it
when I'm sure Snort's running the way I want it.

Running without the -D will let you scroll back through the output and find
the 'XXXX rules out of YYYY total' line.

We also have a timed script that pings all ends of our network with a large
ICMP packet and a custom rule that says 'ICMP Healthyness Packet
Detected'....if you map them out over time, you can see times where the
network or the snort process was not happy.


On Sun, Feb 23, 2014 at 6:21 AM, Joel Esler (jesler) <jesler at ...589...>wrote:

> It will tell you at the end of the startup message.
>
> --
> Joel Esler
> Sent from my iPhone
>
> > On Feb 23, 2014, at 4:05, "Michal Šutta" <michal.sutta at ...11827...> wrote:
> >
> > Hello,
> >
> > How can I find out how many rules is usinig snort ?
> >
> ------------------------------------------------------------------------------
> > Managing the Performance of Cloud-Based Applications
> > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> > Read the Whitepaper.
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140223/f0f8ec62/attachment.html>


More information about the Snort-users mailing list