OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brian Caswell (bmcmitre.org)
Date: Sun Jun 17 2001 - 10:12:35 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Subba Rao wrote:
    > The following are the preprocessors in the snort.conf file. I have changed the
    > IP addresses of the systems/network here.
    >
    > ====================================================================
    > var INTERNAL 192.168.1.0/24
    > var EXTERNAL !$INTERNAL
    > var DNS_SERVERS 192.168.1.5/24
    >
    > preprocessor http_decode: 80 8080
    > preprocessor minfrag: 128
    > preprocessor portscan: 1.1.1.1/2 5 3 portscan.log
    > preprocessor portscan-ignorehosts: 192.168.1.0/24
    >
    > #include /usr/security/snort/etc/snort-vision.conf
    >
    > output alert_full: alert
    > ====================================================================
    >
    > Why is Snort not logging any information about these trojan related alerts?

    Because you don't have any rules listed there. Uncomment the include
    statement
    and try again. 

    -- 
Brian Caswell
The MITRE Corporation

    _______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users