
Snort mailing list archives
Re: Snort won't generate alerts with single snort.rules file
From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 06 Mar 2014 11:29:46 -0500
On 3/6/2014 9:23 AM, Anacleto Junior wrote:
> When I run snort, I get this:
>
> 4559 Snort rules read
>
> But with the command you suggested:
>
> grep -v '#' /etc/snort/rules/snort.rules | grep -v '^$' | wc -l
> 4479
>
> So the rules aren't loaded when I run snort? How can I proceed?
this is being misread... the above grep is looking in one rules directory but normally there are several being used... eg:

/var/snort/preproc_rules
/var/snort/rules
/var/snort/so_rules

the above is what is used on one of my installations... others use similar because there are some rules files with the same names in each because the file names are used as the "group" or "class" nomenclature...

it might also be better to count entries that start with "alert", "drop", and the other verbs that snort rules can start with... but grep and other tools being what they are, there are numerous ways to skin a critter...

so, if you are going to count rules, count all of those that snort can see and use ;)

--
NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
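An added example, not part of the original message: one way to count rules by leading action across every rules directory, next to the pipeline quoted in the thread. It assumes the Snort 2.x action keywords and the three directory names from the reply above; the rule files are constructed samples, and `grep -v '#'` also drops an active rule that merely contains a `#`.

```shell
#!/bin/sh
# Snort 2.x rule actions: an active rule line begins with one of these verbs.
ACTIONS='alert|log|pass|activate|dynamic|drop|reject|sdrop'

# count_rules DIR...: total active rules in every *.rules file under the given dirs.
count_rules() {
    total=0
    for dir in "$@"; do
        for f in "$dir"/*.rules; do
            [ -f "$f" ] || continue   # missing dir or unmatched glob
            n=$(grep -cE "^[[:space:]]*($ACTIONS)[[:space:]]" "$f" || true)
            total=$((total + n))
        done
    done
    echo "$total"
}

# count_naive FILE: the pipeline quoted in the thread, kept for comparison.
count_naive() {
    grep -v '#' "$1" | grep -v '^$' | wc -l | tr -d ' '
}

# make_sample ROOT: constructed rule files (not real Snort rules) for a dry run.
make_sample() {
    mkdir -p "$1/rules" "$1/preproc_rules" "$1/so_rules"
    cat > "$1/rules/local.rules" <<'EOF'
# alert tcp any any -> any 80 (msg:"constructed, disabled"; sid:1000001;)
alert tcp any any -> any 80 (msg:"constructed, ticket #42"; sid:1000002;)
alert tcp any any -> any 21 (msg:"constructed ftp"; sid:1000003;)

drop udp any any -> any 53 (msg:"constructed dns"; sid:1000004;)
EOF
    cat > "$1/preproc_rules/preprocessor.rules" <<'EOF'
alert ( msg: "constructed preprocessor rule"; sid: 1; gid: 105; )
EOF
}

root=$(mktemp -d)
make_sample "$root"
echo "naive, rules/local.rules only: $(count_naive "$root/rules/local.rules")"
echo "all directories, by action:    $(count_rules "$root/rules" "$root/preproc_rules" "$root/so_rules")"
rm -rf "$root"
```

Point `count_rules` at the directories your own snort.conf includes before comparing the total with the "Snort rules read" figure.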