
List:       snort-users
Subject:    Re: [Snort-users] Problem with rule
From:       Nick Moore <nmoore () sourcefire ! com>
Date:       2009-11-23 12:06:51
Message-ID: 796D4EF1-A3CD-458B-8A6F-058DB0024876 () sourcefire ! com


Sofia,

Can you send the Snort-users list a snip of the /var/log/snort/alert  
file so we can see which alerts are firing and attach a copy of your  
snort.conf? Others may know what is causing you trouble with the  
information given, but I need a little more help.

Also, if you could print the icmpv6 rule and send a pcap of the  
traffic you were expecting to alert, that would help me as well.

Thanks,

Sent from my mobile device.

Nick Moore
Phone 708-336-9041
Email nmoore@Sourcefire.com


On Nov 23, 2009, at 3:36, sofia insat <sofia.insat@yahoo.fr> wrote:

> Hi everyone,
>
> I have defined a rule to alert on icmpv6 traffic,
> but when I display /var/log/snort/alert I didn't find this alert and
> I found other alerts, whereas I have one path rule in snort.config
> (include $RULE_PATH/icmpv6.rules)
>
> Do you have any idea how to resolve my problem?
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
