Ben's notes

Linux, Unix, network, radio...

snort_2.9.6.1_centos_6.5

Revision 2014/06/10 12:04 by admin, compared with the previous revision 2014/05/08 20:03 by admin (last edited in the Configure Snort section). Only the changed parts of the page are shown in the comparison; the text below is the newer revision.

{{tag>[security snort centos6.5]}}
=====Snort 2.9.6.1 on CentOS 6.5=====
====Install prerequisites====
  * EPEL repo

(unchanged lines not shown in the comparison view)

</code>
Copy any dynamic rulesets you have or are using to the above directory.

====Test rule====
Add this as the last line of snort.conf (the conventional place for site-specific rules is local.rules, which snort.conf includes) and restart Snort:
  alert icmp any any -> 1.2.3.4 any (msg: "Gateway ping"; sid:10000001;)
Snort reserves sid values below 1000000 for the distributed rule sets, so local rules take 1000000 and above. A rule with no rev: option is reported as revision 0, which is why the alerts below read [1:10000001:0] (generator 1, sid 10000001, revision 0). Ping 1.2.3.4 from another host to trigger it.

The alerts then appear in the alert file under Snort's log directory, one line per matching packet (fast alert format):
<code>
05/09-09:00:07.648953  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
05/09-09:00:07.654956  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
05/09-09:00:07.660981  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
05/09-09:00:07.666729  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
</code>
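
To confirm the test rule fired without eyeballing the alert file, here is an added example (my own code, not from this wiki page or from the Snort project) that parses fast-format alert lines like the ones above into records, counts them per sid, checks that the rule matched traffic to the expected destination, and builds a local rule with the sid range and rev: option discussed in the Test rule section. The four ICMP lines are copied from the page; the fifth TCP line, with a Classification field and ports, is constructed here so the parser also handles the general line format. Function names are my own.

```python
"""Parse Snort 2.9 fast-format alert lines and check that a test rule fired.

Added example, not from the original wiki page.  The four ICMP lines are the
ones shown on the page; the fifth (TCP, with a Classification field) is
constructed here to exercise the general line format.
"""
import re
from collections import Counter

# Constructed sample: four lines from the page plus one made-up TCP alert.
SAMPLE_ALERTS = """\
05/09-09:00:07.648953  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
05/09-09:00:07.654956  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
05/09-09:00:07.660981  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
05/09-09:00:07.666729  [**] [1:10000001:0] Gateway ping [**] [Priority: 0] {ICMP} 6.7.8.9 -> 1.2.3.4
05/09-09:01:12.000001  [**] [1:10000002:1] SSH to gateway [**] [Classification: Misc activity] [Priority: 3] {TCP} 6.7.8.9:51234 -> 1.2.3.4:22
"""

# Fast alert line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
# (optional) [Priority: n] {PROTO} src[:port] -> dst[:port]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def _split_endpoint(ep):
    """'1.2.3.4:22' -> ('1.2.3.4', 22); '1.2.3.4' (ICMP, no port) -> ('1.2.3.4', None)."""
    host, sep, port = ep.rpartition(":")
    if sep and port.isdigit() and "." in host:   # IPv4 address with a port
        return host, int(port)
    return ep, None


def parse_fast_alerts(text):
    """Return one dict per well-formed alert line; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = FAST_ALERT_RE.match(line.strip())
        if not m:
            continue
        src, sport = _split_endpoint(m["src"])
        dst, dport = _split_endpoint(m["dst"])
        records.append({
            "ts": m["ts"], "gid": int(m["gid"]), "sid": int(m["sid"]),
            "rev": int(m["rev"]), "msg": m["msg"], "classification": m["cls"],
            "priority": int(m["prio"]), "proto": m["proto"],
            "src": src, "sport": sport, "dst": dst, "dport": dport,
        })
    return records


def count_by_sid(records):
    """Counter of alerts keyed by (gid, sid)."""
    return Counter((r["gid"], r["sid"]) for r in records)


def rule_fired(records, sid, dst):
    """True if at least one alert for `sid` has the expected destination address."""
    return any(r["sid"] == sid and r["dst"] == dst for r in records)


def local_rule(sid, msg, dst, proto="icmp", rev=1):
    """Build a local rule line; Snort reserves sids below 1000000 for distributed rule sets."""
    if sid < 1000000:
        raise ValueError("local rules should use sid >= 1000000")
    if '"' in msg or ";" in msg:
        raise ValueError("msg must not contain quotes or semicolons")
    return f'alert {proto} any any -> {dst} any (msg:"{msg}"; sid:{sid}; rev:{rev};)'


if __name__ == "__main__":
    recs = parse_fast_alerts(SAMPLE_ALERTS)
    print(count_by_sid(recs))
    print(rule_fired(recs, 10000001, "1.2.3.4"))
    print(local_rule(10000001, "Gateway ping", "1.2.3.4"))
```

On a live sensor, read the alert file instead of SAMPLE_ALERTS (for example `parse_fast_alerts(open("/var/log/snort/alert").read())`, assuming the default log directory) and run rule_fired for the sid you added; a count of zero after pinging the target usually means the rule did not load, which the :0 revision field and a config test will not tell you on their own.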

The packets that triggered the alerts are also written in pcap format to the log directory as snort.log.<timestamp> (the file is owned by the user Snort runs as, normally root), so tcpdump can read them; -nn skips name resolution and -X prints a hex and ASCII dump of each packet's contents:
  tcpdump -nn -X -r snort.log.1399615922
 +
  
snort_2.9.6.1_centos_6.5.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1