Let find the rules

/etc/snort/rules     (cd into folder..      see what’s there     ls)

is there a local.rules

sudo gedit local.rules

add this line

alert icmp any any -> any any (msg:”ICMP --- RECEIVED---WELL DONE!----“;sid:70000005;rev:1;)

sudo snort -c /etc/snort/snort.conf -l /var/log/snort/ -A full 

 

lets try a ping.   

lets find the log        sudo gedit /var/log/snort/alert

we can also use cat and grep

  • Facebook
  • LinkedIn

© IACD 2020.