smy at gcmlp.com
Fri Nov 9 21:37:22 GMT 2001
Ok, here's one. It's coming from a Windows system, so you might have
to resave it in a Unix-based editor. My e-mail is Windows, but I have
Snort 1.8 running on Redhat 7.1 sending output to /var/log/messages.
This is a subset of a very large messages file with my addresses replaced
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: Friday, November 09, 2001 2:37 PM
To: 'dshield at dshield.org'
Subject: RE: [Dshield] snort_18_syslog.pl
The rule base should not be the problem. Someone else sent me a similar
report of problems with this client. Can you please send me a short extract
from your messages log so I can try it here?
On Fri, 9 Nov 2001, Sue Young wrote:
> I'm trying the published snort client and having no luck.
> It doesn't catch anything in the messages log. I was wondering
> whether the rulebase you use matters. I like Whitehats better
> than the snort rules. Could that be the problem? I could switch
> back to the snort rulebase.
> Sue Young
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...