LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Snort, Rules
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-14-2004, 06:40 AM   #1
Tredo
LQ Newbie
 
Registered: Nov 2004
Posts: 24

Rep: Reputation: 15
Snort, Rules

Hey! =)

My question:

If I only want that snort shall log only one specified rule like "scan.rules" or "ftp.rules"

Then, how can i configure that?

Im runing my snort at the command: snort -dv -c /etc/snort.snort.conf, but I want to be more specified at my rules.

Im runing snort-mysql with ACID, works perfect, but It alert to much =)

Tanx for answer!

BTW! Dont run snort at Fedora Core 2, It sux a lot. I swiched to Debian and Its works perfect.
 
Old 12-20-2004, 12:36 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Comment out the rest of the rules at the bottom of the snort.conf file and restart snort. though alerts will still be generated by any pre-processors. Might help if you posted some examples of the alerts. If it's one particular type of alert or one particular host you can usually fine tune the config or write a pass/bpf rule to avoid excess alerts or FPs.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Snort rules> priority linuxtommy Linux - Security 1 09-12-2004 09:35 PM
snort rules to vulns not yet published zuessh Linux - Security 1 02-12-2004 02:17 PM
updating snort rules zuessh Linux - Security 2 11-26-2003 01:11 PM
Snort Rules Canadian_2k2 Linux - Security 5 11-01-2002 10:24 PM
Snort configuration/ rules file bripage Linux - General 2 09-26-2002 04:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:57 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration