[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] Problem with rule
From: Nick Moore <nmoore () sourcefire ! com>
Date: 2009-11-23 12:06:51
Message-ID: 796D4EF1-A3CD-458B-8A6F-058DB0024876 () sourcefire ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Sofia,
Can you send the Snort-users list a snip of the /var/log/snort/alert
file so we can see which alerts are firing and attach a copy of your
snort.conf? Others may know what is causing you trouble with the
information given, but I need a little more help.
Also, if you could print the icmpv6 rule and send a pcap of the
traffic you were expecting to alert, that would help me as well.
Thanks,
Sent from my mobile device.
Nick Moore
Phone 708-336-9041
Email nmoore@Sourcefire.com
On Nov 23, 2009, at 3:36, sofia insat <sofia.insat@yahoo.fr> wrote:
> Hi everyone,
>
> I have defined a rule to alert an icmpv6 traffic
> but when I display /var/log/snort/alert I didn't find this alert and
> I found other alert whereas I have one path rule in snort.config
> (include $RULE_PATH/icmpv6.rules)
>
> Do you have any idea to resolve my problem??
>
> ---
> ---
> ---
> ---------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
> 30-Day
> trial. Simplify your report design, integration and deployment - and
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
[Attachment #5 (text/html)]
<html><body bgcolor="#FFFFFF"><div>Sofia,</div><div><br></div><div>Can you send the \
Snort-users list a snip of the /var/log/snort/alert file so we can see which alerts \
are firing and attach a copy of your snort.conf? Others may know what is causing you \
trouble with the information given, but I need a little more \
help.</div><div><br></div><div>Also, if you could print the icmpv6 rule and send a \
pcap of the traffic you were expecting to alert, that would help me as \
well.</div><div><br></div><div>Thanks,<br><br>Sent from my mobile \
device.<div><br></div><div>Nick Moore</div><div>Phone 708-336-9041</div><div>Email <a \
href="mailto:nmoore@Sourcefire.com"><a \
href="mailto:nmoore@Sourcefire.com">nmoore@Sourcefire.com</a></a></div><div><br></div></div><div><br>On \
Nov 23, 2009, at 3:36, sofia insat <<a \
href="mailto:sofia.insat@yahoo.fr">sofia.insat@yahoo.fr</a>> \
wrote:<br><br></div><div></div><blockquote type="cite"><div><table cellspacing="0" \
cellpadding="0" border="0"><tbody><tr><td valign="top" style="font: inherit;">Hi \
everyone,<br><br>I have defined a rule to alert an icmpv6 traffic<br>but when I \
display /var/log/snort/alert I didn't find this alert and I found other alert <span \
class="number"></span><span class="definition">whereas I have one path rule in \
snort.config (include $RULE_PATH/icmpv6.rules)<br><br>Do you have any idea to resolve \
my problem??<br></span></td></tr></tbody></table><br>
</div></blockquote><blockquote \
type="cite"><div><span>------------------------------------------------------------------------------</span><br><span>Let \
Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day \
</span><br><span>trial. Simplify your report design, integration and deployment - and \
focus on </span><br><span>what you do best, core application coding. Discover what's \
new with</span><br><span>Crystal Reports now. <a \
href="http://p.sf.net/sfu/bobj-july"><a \
href="http://p.sf.net/sfu/bobj-july">http://p.sf.net/sfu/bobj-july</a></a></span></div></blockquote><blockquote \
type="cite"><div><span>_______________________________________________</span><br><span>Snort-users \
mailing list</span><br><span><a \
href="mailto:Snort-users@lists.sourceforge.net">Snort-users@lists.sourceforge.net</a></span><br><span>Go \
to this URL to change user options or unsubscribe:</span><br><span><a \
href="https://lists.sourceforge.net/lists/listinfo/snort-users">https://lists.sourceforge.net/lists/listinfo/snort-users</a></span><br><span>Snort-users \
list archive:</span><br><span><a \
href="http://www.geocrawler.com/redir-sf.php3?list=snort-users">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a></span></div></blockquote></body></html>
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic