Snort mailing list archives

Help with a rule
From: Tyler MacPherson <tah338 () sr unh edu>
Date: Tue, 10 Dec 2013 12:20:55 -0500


I'm fairly new to Snort, and was wondering if I could get assistance 
with writing a rule. Our Snort system is watching over a private network 
of several secure servers. One of the things we'd like to look for is 
large chunks of data being transferred off any of these servers. I'm 
trying to come up with a rule that alerts us any time there is some 
movement of data over, say, 10MB, but I'm not sure how to go about doing 
this. Any suggestions?


Tyler MacPherson
Student Operator
UNH Research Computing Center
(603) 862-4518

Snort-sigs mailing list
Snort-sigs () lists sourceforge net
