[Typo3-linux] [Misc] Snort
Patxi Goitia
pgoitia at euskalnet.net
Fri Oct 7 15:10:05 CEST 2005
Hi, I've installed snort+ACID in the same box as Apache. I'm trying to
make it work, but no alerts are shown in ACID.
When I ask for an URL with 'illegal' string, I can see it in TCPdump,
but snort seems to ignore it.
Do anyone of you have experience with snort ?
I think 90% of installation is good, but some detail is keeping me from
having alerts...
This is my config:
preprocessor http_inspect: global \
iis_unicode_map unicode.map 1252 \
proxy_alert
preprocessor http_inspect_server: server default profile all \
ports { 80 81 8080 } \
flow_depth 0
And some include rules.
What line of conf am I missing to modify ?
TIA
More information about the TYPO3-linux
mailing list