[Snort-users] snort 2972 - not working, need help

Eugene Grama eugene.grama at ...11827...
Tue Mar 24 00:10:43 EDT 2015


Hello Guys,

Hope you are all doing fine.

I was able to make Snort 2970 work on Windows 7. For some reason, we had to
freeze this project, and we are now restarting it.

I was able to update Snort to 2972 without error.

Then I tried placing this rule in the snort.rules file for testing purposes:

alert tcp $HOME_NET any <> $EXTERNAL_NET any (msg:"NET - ACTIVITY-YAHOO"; classtype:unknown; sid:1000002; rev:1;)
alert icmp $HOME_NET any <> $EXTERNAL_NET any (msg:"PING - ACTIVITY"; classtype:unknown; sid:1000000; rev:1;)

Then I ran snort -c c:\path\to\dir\snort.conf -l c:\path\to\snort\log -i4

and it ran normally ("commencing packet processing" at the end).

I tried generating ICMP (ping) traffic, but I cannot see any alert generated
in my alert log file.

Sorry for the grammar, hoping for your usual support

-- 
Thank you and Best regards,

Eugene