12-14-2004, 06:40 AM   #1
LQ Newbie
Registered: Nov 2004
Posts: 24

Snort, Rules

Hey! =)

My question:

If I want snort to log only one specified rule, like "scan.rules" or "ftp.rules",

then how can I configure that?

I'm running my snort with the command: snort -dv -c /etc/snort.snort.conf, but I want to be more specific with my rules.

I'm running snort-mysql with ACID, works perfectly, but it alerts too much =)

Thanks for the answer!

BTW! Don't run snort on Fedora Core 2, it sucks a lot. I switched to Debian and it works perfectly.
12-20-2004, 12:36 AM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Comment out the rest of the rules at the bottom of the snort.conf file and restart snort, though alerts will still be generated by any pre-processors. Might help if you posted some examples of the alerts. If it's one particular type of alert or one particular host, you can usually fine-tune the config or write a pass/bpf rule to avoid excess alerts or FPs.
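
The edit described in the reply above, as an added example that is not part of the original thread: a shell function that comments out every active rule-file include in a snort.conf except the ones named. The function names and the sample config are constructed, and the `include $RULE_PATH/<name>.rules` layout of the rules section is an assumption about the config.

```shell
#!/bin/sh
# Added example: keep only the named rule files enabled in a Snort config.

# keep_only_rules CONF KEEP...
# Prints the edited config on stdout; CONF itself is not modified.
keep_only_rules() {
    conf=$1; shift
    awk -v keep="$*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        # Active (not already commented) include of a *.rules file
        /^[ \t]*include[ \t]+[^ \t]+\.rules[ \t]*$/ {
            name = $2
            sub(/^.*\//, "", name)          # basename, e.g. scan.rules
            if (!(name in want)) { print "#" $0; next }
        }
        { print }                           # everything else passes through
    ' "$conf"
}

# active_rules CONF: list the rule files still enabled, one per line
active_rules() {
    awk '/^[ \t]*include[ \t]+[^ \t]+\.rules[ \t]*$/ {
             name = $2; sub(/^.*\//, "", name); print name }' "$1"
}

# Constructed sample config (not taken from the thread)
sample_conf() {
    cat <<'EOF'
var RULE_PATH /etc/snort/rules
preprocessor frag2
include classification.config
include $RULE_PATH/scan.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/web-iis.rules
# include $RULE_PATH/icmp-info.rules
EOF
}

# Demo: keep scan.rules and ftp.rules, comment out the other rule files
tmp=$(mktemp)
sample_conf > "$tmp"
keep_only_rules "$tmp" scan.rules ftp.rules
rm -f "$tmp"
```

Preprocessor lines pass through unchanged, so preprocessor alerts continue as the reply says. Write the output to a new file and check it with `snort -T -c <file>` before restarting.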

