[Snort-users] Is snort working?

Lee Brown leeb at ratnaling.org
Sun Feb 18 18:19:07 EST 2018


Here's what I used to test with:  My workstation ping 8.8.8.8 triggers this.

alert icmp 10.1.10.175 any -> 8.8.8.8 any (msg:"warning1";sid:1000001;rev:1)

On Sun, Feb 18, 2018 at 2:59 PM, Al Lewis (allewi) via Snort-users <
snort-users at lists.snort.org> wrote:

> Are you sure that snort is seeing traffic correctly?
>
>
>
> Write a custom rule and/or create some traffic or condition that will
> trigger a rule.
>
>
>
>
>
> *Albert Lewis*
>
> ENGINEER.SOFTWARE ENGINEERING
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> Email: allewi at cisco.com
>
> *From: *Snort-users <snort-users-bounces at lists.snort.org> on behalf of
> bobby via Snort-users <snort-users at lists.snort.org>
> *Reply-To: *bobby <architectofthefuture at gmail.com>
> *Date: *Sunday, February 18, 2018 at 3:04 PM
> *To: *"snort-users at lists.snort.org" <snort-users at lists.snort.org>
> *Subject: *[Snort-users] Is snort working?
>
>
>
> I am using the default registered user snort rules.  I have not modified
> the rules.  I noticed that my snort log has not been updated/growing.  I
> would think by default, many rules would be enabled, and the log would grow
> exponentially in size.  Am I wrong to assume this?
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-
> the-mailing-list-etiquette
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180218/bfc24a35/attachment.html>


More information about the Snort-users mailing list