Re: [Snort-users] does not work local.rules

Also make sure your snort.conf is actually looking at your local.rules.

This is commented out by default.

Cheers,

James Friesen, CIO
Lucretia Enterprises
Our World Is Here
info at lucretia dot ca
http://lucretia.ca


> -----Original Message-----
> From: snort-users-bounces@lists.sourceforge.net
> [mailto:snort-users-bounces@lists.sourceforge.net] On Behalf
> Of Lorine Ruotolo
> Sent: Tuesday, August 08, 2006 1:54 PM
> To: repniksz@aviva.co.hu; snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] does not work local.rules
>
>
> I think ! may not be allowed in regular text within the rule
> because it is the NOT character.  You can use escape or hex
> forms of it, not sure what they are off the top of my head though.
>
> > From: repniksz@aviva.co.hu
> > To: snort-users@lists.sourceforge.net
> > Subject: [Snort-users] does not work local.rules
> > Date: Tue, 8 Aug 2006 15:34:09 +0200
> >
> > Hi,
> > I've made a very simple rule in my local.rules:
> > alert tcp any any -> any 8080 ( msg: "Own"; content:
> "Hello!!!!"; ) and
> > after that i've watched a file in my browser on 8080 port, and i did
> > not get any alert.
> > The local.rules is in my snort.conf .
> > What is wrong?
>
>
> > -------------------------------------------------------------
> ----------
> > -- Using Tomcat but need to do more? Need to support web services,
> > security?
> > Get stuff done quickly with pre-integrated technology to
> make your job
> > easier Download IBM WebSphere Application Server v.1.0.1 based on
> > Apache Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057
> &dat=12164
> > 2
>
>
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today
> - it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
> --------------------------------------------------------------
> -----------
> Using Tomcat but need to do more? Need to support web
> services, security?
> Get stuff done quickly with pre-integrated technology to make
> your job easier Download IBM WebSphere Application Server
> v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&;
dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users