This is a discussion on [Snort-users] Problem with the -o option within the Snort forums, part of the System Security and Security Related category.
Hi there --
I am trying to use a policy-based.rules file and am running Snort 2.1.3 with the -o option. The problem is, several servers that are listed with pass rules specific to them seem to be ignored by the sensor and are generating an inordinate amount of alerts in the database. I have several questions concerning this:

1. When listing the -o option, do I need to include the full path to the policy-based.rules file similarly to how it is done for the -c snort.conf file?
2. The pass rules all have the <> operand between every instance of the source and destination. Is there anything else I need to do within the file?