LinuxQuestions.org
Old 12-14-2004, 06:40 AM   #1
Tredo
LQ Newbie
 
Registered: Nov 2004
Posts: 24

Rep: Reputation: 15
Snort, Rules


Hey! =)

My question:

If I want snort to log only one specified rule, like "scan.rules" or "ftp.rules",

then how can I configure that?

I'm running my snort with the command: snort -dv -c /etc/snort.snort.conf, but I want to be more specific with my rules.

I'm running snort-mysql with ACID, it works perfectly, but it alerts too much =)

Thanks for the answer!

BTW! Don't run snort on Fedora Core 2, it sux a lot. I switched to Debian and it works perfectly.
 
Old 12-20-2004, 12:36 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Comment out the rest of the rules at the bottom of the snort.conf file and restart snort, though alerts will still be generated by any pre-processors. It might help if you posted some examples of the alerts. If it's one particular type of alert or one particular host, you can usually fine-tune the config or write a pass/bpf rule to avoid excess alerts or FPs.
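
One way to apply the advice in the reply above, as an added example that is not part of the thread: a shell function that comments out every active `include ...*.rules` line in a snort.conf except the rule files named on the command line. The function names (`keep_only_rules`, `sample_conf`, `demo`) are hypothetical, and the sample config is constructed in the layout of a Snort 2.x snort.conf.

```shell
#!/bin/sh
# keep_only_rules CONF KEEP...
# Print CONF with every active "include <path>.rules" line commented out,
# except those whose file name is listed in KEEP. Everything else
# (preprocessors, classification.config, already-commented lines) is unchanged.
keep_only_rules() {
    conf=$1; shift
    awk -v keep="$*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        /^[ \t]*include[ \t]+[^ \t]*\.rules[ \t]*$/ {
            name = $2
            sub(/.*\//, "", name)      # drop the directory part of the path
            if (!(name in want)) { print "#" $0; next }
        }
        { print }
    ' "$conf"
}

# Constructed sample config (assumption: Snort 2.x style include lines).
sample_conf() {
    cat <<'EOF'
var RULE_PATH /etc/snort/rules
preprocessor frag2
include classification.config
include $RULE_PATH/local.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/web-misc.rules
# include $RULE_PATH/shellcode.rules
EOF
}

# Run the filter over the sample, keeping only scan.rules and ftp.rules.
demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    keep_only_rules "$tmp" scan.rules ftp.rules
    rm -f "$tmp"
}

demo
```

The preprocessor line is left active on purpose: as the reply notes, pre-processors keep generating alerts regardless of which rule files are included.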
 
  

