From owner-freebsd-questions  Fri May 11  1:15:43 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141])
	by hub.freebsd.org (Postfix) with ESMTP id 757AD37B422
	for <freebsd-questions@freebsd.org>; Fri, 11 May 2001 01:15:39 -0700 (PDT)
	(envelope-from sheldonh@uunet.co.za)
Received: from nwl.fw.uunet.co.za ([196.31.2.162])
	by lists01.iafrica.com with esmtp (Exim 3.12 #2)
	id 14y858-0007lX-00; Fri, 11 May 2001 10:15:26 +0200
Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id KAA11619; Fri, 11 May 2001 10:15:24 +0200 (SAST)
Received: by nwl.fw.uunet.co.za via recvmail id 11328; Fri May 11 10:14:45 2001
Received: from sheldonh (helo=axl.fw.uunet.co.za)
	by axl.fw.uunet.co.za with local-esmtp (Exim 3.22 #1)
	id 14y84T-000J50-00; Fri, 11 May 2001 10:14:45 +0200
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD IDS to babysit Microsoft hosts 
In-reply-to: Your message of "Fri, 11 May 2001 00:42:09 MST."
             <20010511004209.A18132@xor.obsecurity.org> 
Date: Fri, 11 May 2001 10:14:45 +0200
Message-ID: <73345.989568885@axl.fw.uunet.co.za>
From: Sheldon Hearn <sheldonh@uunet.co.za>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



On Fri, 11 May 2001 00:42:09 MST, Kris Kennaway wrote:

> You want snort (in ports)

Yes!!!

Kris, thanks so much, this is awesome stuff!

The port comes with a whole bunch of rules files that end in -lib.  The
snort web site has a snortrules.tar.gz in which files end in .rules.  I
assume that the rules on the web site should be used in preference over
those that come with the port?

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message