Snort mailing list archives
Re: Snort 2.9.6 doesn't alert using subscribed VRT ruleset but with ETOpen
From: ped () gmx it
Date: Sat, 05 Apr 2014 10:24:20 +0200
Thanks Joel, the issue was with the disabled rule. Once I enabled it, Snort started to alert using VRT ruleset. I know the selection of ruleset is subjective to the environment, is there any best practice for a set of rules that should be enabled when you want to monitor a single Internet facing webserver and ssh server?

Thanks,
Ped

On Sat, Apr 5, 2014 at 1:14 AM, Joel Esler (jesler) <jesler () cisco com> wrote:

> Have you tried: https://github.com/vrtadmin/snort-faq/blob/master/FAQ/Im-not-receiving-alerts-in-Snort.md
>
> Rule 2100498 is a copy of the VRT rule sid:498. It’s disabled by default in the ruleset, so you may have to enable it (notice that we don’t enable everything by default)
>
> --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
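
The disabled-by-default state discussed in this thread can be checked directly, since Snort 2.x rulesets ship a disabled rule as a rule line commented out with a leading `#`. The following is an added example, not part of the original thread and not Snort project code: the helper names `rule_states` and `disabled_sids` are hypothetical, the rule bodies are constructed, and only the sids 498 and 2100498 come from the thread.

```python
import re

# A rule line starts with an action keyword; a leading "#" in front of it
# means the rule is present in the file but disabled.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+\S+.*\(.*\)\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def rule_states(rules_text):
    """Map each sid in a rules file to True (enabled) or False (commented out)."""
    states = {}
    # Join backslash-continued lines so a multi-line rule is parsed as one rule.
    for line in rules_text.replace("\\\n", " ").splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, ordinary comment, or non-rule directive
        sid = SID_RE.search(line)
        if sid:
            key = int(sid.group(1))
            # If the same sid appears more than once, an enabled copy wins.
            states[key] = states.get(key, False) or not m.group("off")
    return states

def disabled_sids(states):
    """Return the sids that are present in the file but will never alert."""
    return sorted(sid for sid, enabled in states.items() if not enabled)

# Constructed sample rules (not the real rule text); sids 498 and 2100498
# are the two sids named in the thread, 1000001 is a constructed local sid.
SAMPLE_RULES = r'''
# Plain comment, not a rule
# alert ip any any -> any any (msg:"constructed: VRT-style rule"; content:"uid=0"; sid:498; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"constructed: ssh sample"; \
    flow:to_server; sid:1000001; rev:1;)
alert ip any any -> any any (msg:"constructed: ET-style copy"; content:"uid=0"; sid:2100498; rev:1;)
'''

if __name__ == "__main__":
    states = rule_states(SAMPLE_RULES)
    for sid in sorted(states):
        print(sid, "enabled" if states[sid] else "disabled")
    print("disabled:", disabled_sids(states))
```

Running the same check over each ruleset's rule files shows whether a test that alerts with one ruleset but not the other is simply hitting a commented-out rule.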
