Snort Forums Archive

Snort Challenge - Different logging methods


Posted by brevizniak on December 04, 2005 16:51:09

How can you write rules in a single instance of snort that use different alerting methods?

Posted by kens on January 06, 2006 13:50:28

You can use Custom Rule Actions. By using the ruletype keyword you can use this to reference custom actions from within your rules. The ruletype is defined in snort.conf and can then be used within your rules.

E.g.:

    ruletype special_alert
    {
        type log
        output log_tcpdump: special_alert_log
    }

A rule can then be used such as below:

    special_alert tcp $EXTERNAL_NET any -> $HOME_NET 6667 (msg:"Internal IRC Server";)
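
An added example, not part of the post above and not Snort's own code: a small Python check that reads ruletype declarations out of a configuration and reports which output plugins each rule will use, flagging rules whose action is neither built in nor declared. The redalert ruletype, the extra rules and the function names are assumptions made for illustration; only special_alert comes from the thread.

```python
import re
# Built-in Snort 2.x actions; any other action must be a declared ruletype.
BUILTIN = {"alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop"}
RULETYPE_RE = re.compile(r"ruletype\s+(\w+)\s*\{(.*?)\}", re.S)
RULE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(?:tcp|udp|icmp|ip)[ \t].*\(.*\)[ \t]*$", re.M)

# Constructed sample: only special_alert comes from the thread; the rest is assumed.
SAMPLE_CONF = r'''
ruletype special_alert
{
    type log
    output log_tcpdump: special_alert_log
}
ruletype redalert
{
    type alert
    output alert_syslog: LOG_AUTH LOG_ALERT
    output alert_fast: redalert.fast
}
special_alert tcp $EXTERNAL_NET any -> $HOME_NET 6667 (msg:"Internal IRC Server";)
redalert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Inbound telnet";)
alert icmp any any -> $HOME_NET any (msg:"ICMP to home net";)
specal_alert tcp any any -> $HOME_NET 6667 (msg:"Typo in action";)
'''

def parse_ruletypes(conf):
    """Return {ruletype name: {"type": base action, "outputs": [plugin lines]}}."""
    types = {}
    for name, body in RULETYPE_RE.findall(conf):
        lines = [l.strip() for l in body.splitlines()]
        types[name] = {
            "type": next((l.split(None, 1)[1] for l in lines if l.startswith("type ")), None),
            "outputs": [l.split(None, 1)[1] for l in lines if l.startswith("output ")],
        }
    return types

def resolve_rules(conf):
    """Return (msg, action, outputs) per rule; outputs is None if action is undefined."""
    types = parse_ruletypes(conf)
    results = []
    for m in RULE_RE.finditer(RULETYPE_RE.sub("", conf)):
        action = m.group(1)
        msg = re.search(r'msg:\s*"([^"]*)"', m.group(0))
        if action in types:
            outputs = types[action]["outputs"]
        else:  # built-ins use the global output directives
            outputs = ["global output plugins"] if action in BUILTIN else None
        results.append((msg.group(1) if msg else "", action, outputs))
    return results
```

Calling resolve_rules(SAMPLE_CONF) returns one tuple per rule; an outputs value of None marks a rule whose action has no matching ruletype declaration.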


Posted by harryind on January 25, 2007 00:06:41

Hi! I have installed Snort with BASE minimal on RH 4.
Everything went smoothly during installation; however, I do not see any details when I run https:///base
All the details are showing "0". How do I check whether Snort is updating the log files or not? Help is highly appreciated!
