Ben's notes

Linux, Unix, network, radio...

snort_2.9.6.1_centos_6.5

snort_2.9.6.1_centos_6.5 [2014/05/08 20:03] – [Configure Snort] admin
snort_2.9.6.1_centos_6.5 [2014/05/09 07:11] – [Test rule] admin
Line 16: Line 16:
 </code> </code>
 Copy any dynamic rulesets you have or are using to the above directory. Copy any dynamic rulesets you have or are using to the above directory.
 +
 +====Test rule====
 +Put as last line in snot.conf
 +  alert icmp any any -> 1.2.3.4 any (msg: "Gateway ping"; sid:10000001;)
 +
 +Find the alerts in the log
 +<code>
 +05/09-09:00:07.648953  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
 +05/09-09:00:07.654956  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
 +05/09-09:00:07.660981  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
 +05/09-09:00:07.666729  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
 +</code>
 +
 +You can even show contents of the packets with tcpdump
 +  tcpdump -r snort.log.1399615922
 +
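Review bot: the file name in "Put as last line in snot.conf" is misspelled and should read snort.conf, otherwise a reader following the step will look for a file that does not exist. The rule on the following line also carries no rev keyword, which is why every alert in the log block is reported as 1:10000001:0 (gid:sid:rev with rev 0); adding `rev:1;` after `sid:10000001;` gives the rule a revision number so that later edits to it can be told apart in the log.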
  
snort_2.9.6.1_centos_6.5.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1