[Snort-users] snort 2972 - not working, need help
eugene.grama at ...11827...
Tue Mar 24 00:10:43 EDT 2015
Hope you are all doing fine.
I was able to make Snort 2970 work in Windows 7. Due to some reason, we had to
freeze this project, and we are now restarting it again.
I was able to update Snort to 2972 without error.
Then I tried placing these rules in the snort.rules file for testing purposes:
alert tcp $HOME_NET any <> $EXTERNAL_NET any (msg:"NET - ACTIVITY-YAHOO"; classtype:unknown; sid:1000002; rev:1;)
alert icmp $HOME_NET any <> $EXTERNAL_NET any (msg:"PING - ACTIVITY"; classtype:unknown; sid:1000000; rev:1;)
Then I ran snort -c c:\path\to\dir\snort.conf -l c:\path\to\snort\log -i4
and it ran normally ("commencing packet processing" at the end).
I tried generating ICMP (ping) traffic, but I cannot see any alert generated
in my alert log file.
Sorry for the grammar, hoping for your usual support
Thank you and Best regards,