snort-users February 2008 archive

Re: [Snort-users] dynamicdetection rules

From: Nerijus Krukauskas <nkrukauskas_at_nospam>
Date: Fri Feb 15 2008 - 12:38:38 GMT
To: snort-users@lists.sourceforge.net


On 14/02/2008, Richard Bejtlich <taosecurity@gmail.com> wrote:
> Nerijus Krukauskas wrote:
>
> > How do I enable dynamicdetection rules?
>
> I wrote a whole Snort Report
>
> http://searchsecuritychannel.techtarget.com/tips/index/0,289482,sid97_tax307691,00.html
>
> on this topic. Specifically,
>
> http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1299181,00.html
>
> Please see if it answers your question.
>
> Sincerely,
>
> Richard

Thanks a lot. The part I was missing: all entries in so_rules/*rules were commented out. As soon as I added them into snort config w/o comments they were loaded and started to generate alerts.

A very good article, Richard. Thanks again.

--
http://nk99.org/
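
A check for the situation described in this message, as an added example that is not part of the original post: it counts active versus commented-out rule stubs per file in a so_rules directory and flags files where every stub is disabled. The function names, sample files and sids are constructed for illustration, and the script assumes a stub is a line that starts with a Snort rule action.

```shell
#!/bin/sh
# Added example (not from the thread): audit so_rules/*.rules for disabled stubs.
# Assumption: a stub starts with a Snort rule action; a disabled stub is the
# same line behind a leading '#'.
ACTIONS='(alert|log|pass|drop|reject|sdrop)'

# count_stubs FILE -> prints "<active> <commented>"
count_stubs() {
    awk -v act="$ACTIONS" '
        $0 ~ ("^[ \t]*" act "[ \t]")        { active++ }
        $0 ~ ("^[ \t]*#[ \t]*" act "[ \t]") { commented++ }
        END { printf "%d %d\n", active, commented }
    ' "$1"
}

# audit_so_rules DIR -> one report line per file; returns 1 if any file
# contains stubs but has none active (the situation described in the post).
audit_so_rules() {
    dir=$1; rc=0
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        counts=$(count_stubs "$f")
        active=${counts% *}; commented=${counts#* }
        state=ok
        if [ "$active" -eq 0 ] && [ "$commented" -gt 0 ]; then
            state=ALL-COMMENTED; rc=1
        fi
        printf '%s active=%s commented=%s %s\n' "${f##*/}" "$active" "$commented" "$state"
    done
    return $rc
}

# make_sample DIR -> writes two constructed stub files (sids are made up)
make_sample() {
    cat > "$1/constructed-a.rules" <<'EOF'
# constructed sample: every stub disabled
# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed stub 1"; gid:3; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"constructed stub 2"; gid:3; sid:1000002; rev:1;)
EOF
    cat > "$1/constructed-b.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"constructed stub 3"; gid:3; sid:1000003; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"constructed stub 4"; gid:3; sid:1000004; rev:1;)
EOF
}

# Demo run on the constructed files
demo=$(mktemp -d)
make_sample "$demo"
audit_so_rules "$demo" || echo "at least one file has no active stubs"
rm -rf "$demo"
```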