[Snort-users] Snort not seeing my local rules

wkitty42 at ...14940... wkitty42 at ...14940...
Sun Feb 26 11:56:56 EST 2017


On 02/26/2017 09:31 AM, Dawit Admassu wrote:
> Snort can not see my local rules, I tried to apply some local rules but snort
> not registering.

did you include the file in your snort.conf?
what error, if any, is snort giving you about them?

generally speaking, the file is named local.rules and is stored in the same 
directory as all your other rules... they also need to be in proper format 
including the msg, content, sid and rev sections... what do your rules look like?

have you tried the local-test.rules file that is out and about? it alerts on all 
traffic and is used to make sure that snort is seeing traffic and analyzing it...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-users mailing list