Snort mailing list archives

@empty rules files


From: anagha b <banagha3 () gmail com>
Date: Thu, 14 Nov 2013 15:46:15 +0530

I tried to log the Snort response for an ICMP ping flood, but I had to add the
rule to the local.rules file:

alert icmp any any -> any any (msg:"*ICMP test*"; classtype:bad-unknown;
sid:10000016; rev:1;)

Barnyard is giving the following alert:

11/14-15:22:01.905477  [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]
11/14-15:22:02.036260  [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]
11/14-15:22:02.037893  [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]
11/14-15:22:02.189336  [**] [1:10000016:1] Snort Alert [1:10000016:1] [**]


The msg "*ICMP test*" is not displayed.

I checked; rule files like ddos.rules and badtraffic.rules are empty.

Is it okay to have empty rule files? I am not getting a log inside
snort.log when I am not specifying a rule inside local.rules.

Or do I have to specify my rules inside these empty files? But I can include
my file in snort.conf by writing my own rules, so why keep these empty
files? Or is the snort-snapshot for rules not properly extracted?


Help needed.
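Barnyard prints the generic "Snort Alert [1:10000016:1]" text when its sid-msg.map has no entry for the alert's sid, so the rule's msg only appears once that map is generated from the rules files. As an added example (not from the poster or the Snort project), the script below builds a v1 sid-msg.map ("sid || msg") from rules file contents constructed inline, taking the rule from the post and an empty ddos.rules, which contributes nothing.

```python
import re
from typing import Dict, List

# Constructed sample rules files (not the poster's real files):
# local.rules holds the post's ICMP rule; ddos.rules is empty.
RULES_FILES = {
    "local.rules": (
        "# local rules\n"
        'alert icmp any any -> any any (msg:"ICMP test"; classtype:bad-unknown; '
        "sid:10000016; rev:1;)\n"
    ),
    "ddos.rules": "",
}

# Match the sid, rev and msg options inside a rule's option body.
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REV_RE = re.compile(r'\brev\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')


def parse_rules(text: str) -> List[Dict[str, str]]:
    """Return one dict per active rule with keys sid, rev and msg."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        sid = SID_RE.search(line)
        msg = MSG_RE.search(line)
        if not sid or not msg:
            continue  # not a complete rule (no sid or no msg)
        rev = REV_RE.search(line)
        entries.append({"sid": sid.group(1),
                        "rev": rev.group(1) if rev else "1",
                        "msg": msg.group(1)})
    return entries


def build_sid_msg_map(files: Dict[str, str]) -> List[str]:
    """Produce v1 sid-msg.map lines ('<sid> || <msg>'), sorted by sid."""
    by_sid: Dict[int, str] = {}
    for text in files.values():
        for e in parse_rules(text):  # empty files yield no entries
            by_sid[int(e["sid"])] = e["msg"]
    return [f"{sid} || {msg}" for sid, msg in sorted(by_sid.items())]


if __name__ == "__main__":
    print("\n".join(build_sid_msg_map(RULES_FILES)))
```

Writing the output to the sid-msg.map path that barnyard's configuration points at lets it resolve 1:10000016:1 to "ICMP test" on the next run.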