[Snort-users] how enable icmp snort-18.104.22.168
wkitty42 at ...14940...
Wed Jun 18 14:15:22 EDT 2014
On 6/18/2014 7:19 AM, hernani wrote:
> Em 17-06-2014 18:17, waldo kitty escreveu:
>> On 6/17/2014 9:03 AM, hernani wrote:
>>> *so snort detect icmp but not put in BASE*
>>> can someone help me??
>> please, have you read and followed up on the other list replies to your queries?
>> have you created the necessary stream5_icmp section?
> yes i create stream5_icmp
> were is the snort.conf
please do not see me as a butt but the following is not complete...
> preprocessor stream5_global: track_tcp yes, \
> track_udp yes, \
> track_icmp yes, \
> max_tcp 262144, \
> max_udp 131072, \
> max_active_responses 2, \
> min_response_seconds 5
> preprocessor stream5_icmp:
> but no udp and icmp alerts are show in BASE.
again, please post /all/ of your stream5 settings section... that could be 5
sections... global, tcp, udp, icmp and ip...
also, look here and tell us what you are missing in the above icmp section ;)
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
More information about the Snort-users